LetsEncrypt Certs signed by R3 Intermediate cert not Trusted by Sophos XG after reinstalling CA certs.


I recently went through and updated some of my older LetsEncrypt certs and when I imported them they were showing up as Untrusted. The rest I had were still trusted. Unsure as to why, I removed the LetsEncrypt R3 Intermediate and the ISRG Root X1 Certs and re-installed the ones from the LetsEncrypt website, in theory completing the trust chain.

Unfortunately even with these certs installed, Sophos XG still doesn't trust those certs for use as Service certs, and now doesn't trust the original LetsEncrypt certs I had installed. Anyone seen this behaviour before? 

I am running the latest XG build (SFOS 18.5.1 MR-1-Build326), and have rebooted the firewall as a test to see if it recovered. No success.