Was flagged in this thread as well:
The curl+opensslwolfssl in the recovery firmware isn’t seeing the newer ISRG root for Letsencrypt, I’m going to try and rebase the recovery firmware soon.
(edit: for some reason muvirt and it’s downstream consumers, e.g recovery firmware were using wolfssl for curl instead of openssl)