Let's Encrypt dual-root CA cert not verified correctly

Ref.: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

Since dawn of Let's E, they have had dual roots. Now the original cert expired and all X.509 certificates issued by Let's Encrypt are considered by certifi-library as invalid and expired. There exists a valid, non-expired root certificate which is completely ignored.

My suggestion to fix this would be to not transfer any expired certificates from Windows store to the .pem-file. This would fix the issue.