Replacing the contents of the certificate file located at /etc/univention/letsencrypt/intermediate-r3.pem with https://letsencrypt.org/certs/isrgrootx1.pem.txt and re-running a refresh or setup works as expected for me and successfully renews the certificate.
/usr/share/univention-letsencrypt/setup-letsencrypt
Fri Oct 1 13:06:47 MDT 2021
Refreshing certificate for following domains:
groups.skaggscatholiccenter.org
Parsing account key...
Parsing CSR...
Found domains: groups.skaggscatholiccenter.org
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying groups.skaggscatholiccenter.org...
groups.skaggscatholiccenter.org verified!
Signing certificate...
Certificate signed!
Certificate refreshed at Fri Oct 1 13:06:54 MDT 2021
Setting letsencrypt/status
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.