Thanks very much.
I did what you suggested and now it is working on a few devices but strangely not all of them. For instance, I have a Mac and an iPhone on which the old certificate is still used…
Apparently, there is a certificate cache problem on certain client machines:
See for example here
Some operating systems hold onto the expired R3 > DST Root CA X3 chain even if your server is no longer using it. Try a restart of the affected client device.
Restarting and resetting network settings didn’t help on my devices.
And also here
So how come two different Macs connecting to the same site get such different chains of trust?
The answer I suspect lies in the caching of certificate checks. Both my iMac and iPhone have connected to this site previously, and rather than performing a full certificate check every time, macOS is just using old results, which still refer to the old intermediate and Root certificates. My M1 Mac mini had never connected to that site, so had to perform a fresh check on the chain of trust, which then traced back to the current chain with its replaced intermediate and Root certificates.
What can you do about this more generally, to save you from having to make each broken site an exception? As far as I know, nothing that you’d want to. Emptying Safari’s caches doesn’t help, as I think the old certificate information is held in a separate security database to which the user has no access. Unless you know better.
So it is not a “Vaultwarden problem” but I will still come back if someone finds a solution in case other people have this problem…
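To tell the two cases apart (server still sending the old R3 > DST Root CA X3 chain vs. a client reusing a cached verification result), the first check is what the server actually sends on the wire. The script below is an added example, not from this thread or from Vaultwarden: it parses the "Certificate chain" section that `openssl s_client -connect host:443 -servername host -showcerts` prints and reports whether the served chain ends at DST Root CA X3. The sample output and the host name vault.example.test are constructed.

```python
from __future__ import annotations
import re

# Constructed sample of the "Certificate chain" block printed by
# `openssl s_client -showcerts` for a server still sending the long
# Let's Encrypt chain that ends at the expired DST Root CA X3 cross-sign.
SAMPLE_SHOWCERTS = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = vault.example.test
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
"""

EXPIRED_ROOT = "DST Root CA X3"

# Accepts both the OpenSSL 1.1.1+ DN form ("..., CN = R3") and the
# legacy slash form ("/C=US/O=Let's Encrypt/CN=R3").
CN_RE = re.compile(r"(?:^|[/,]\s*)CN\s*=\s*([^,/]+)")
# " 0 s:<subject DN>" and "   i:<issuer DN>" lines of the chain listing.
LINE_RE = re.compile(r"^\s*(?:\d+\s+)?([si]):(.*)$")


def _cn(dn: str) -> str:
    m = CN_RE.search(dn)
    return m.group(1).strip() if m else dn.strip()


def parse_chain(showcerts_output: str) -> list[tuple[str, str]]:
    """Return [(subject CN, issuer CN), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in showcerts_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, dn = m.groups()
        if kind == "s":
            subject = _cn(dn)
        elif kind == "i" and subject is not None:
            chain.append((subject, _cn(dn)))
            subject = None
    return chain


def served_chain_ends_at(chain: list[tuple[str, str]], root_cn: str = EXPIRED_ROOT) -> bool:
    """True if the last certificate the server sends is issued by root_cn."""
    return bool(chain) and chain[-1][1] == root_cn


if __name__ == "__main__":
    chain = parse_chain(SAMPLE_SHOWCERTS)
    for subject, issuer in chain:
        print(f"{subject}  <-  {issuer}")
    if served_chain_ends_at(chain):
        print("server still sends the expired DST Root CA X3 chain: fix the server")
    else:
        print("served chain is fine: a failing client is reusing cached results")
```

If the served chain already stops at ISRG Root X1 (or at R3) while a particular Mac or iPhone still reports DST Root CA X3, the problem is on that client, which matches the caching explanation quoted above.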