Certificate store is /etc/ca-certificates.conf and comment out with an ! in front like this:
!mozilla/DST_Root_CA_X3.crt
Then save and then run update_ca_certificates
And then restart affected services (apache, dovecot, whatever) using the cert.
1 Like