Context and back story on this issue, as it may affect other upstream or downstream TLS upload/download workflows.
This is due to the expiration of the AddTrust root today. It means that some out-of-date TLS clients will treat the cert as untrusted (such as OpenSSL prior to 1.1.x)
This only affects non-modern TLS clients that can't follow multiple root-cert trust paths.
The remediations are basically to do one of these (or get the vendor to do it):
A) Remove the untrusted trust path from the cert on the server side, or
B) Upgrade the client to a modern one that can follows multiple trust paths, or
C) Disable cert trust checking on the client (not recommended, but might be temporarily necessary)
Good explainer here from Andrew Ayer, the SSLMate guy:
https://www.agwa.name/blog/post/fixing_ ... expiration
Deliberately broken hostname for testing clients:
Check your server-side cert chain (and generate a new one if needed):