Hi Nigel, please review the pinned post Upcoming expiry of DST Root CA X3 and R3 intermediate for Let's Encrypt
Is openssl still reporting the old chain or is it windows? If it’s windows, you can ignore that (it’s specific to the machine you are on and which R3 intermediate it chooses to follow).
If openssl says you still have the old chain that’s different.
Feel free to open a support ticket if you don’t want to share your domain here.