Revisiting BetterTLS: Certificate Path Building
Last year the AddTrust root certificate expired and lots of clients had a bad time. Some Roku devices weren't working right, Heroku had problems, and some folks couldn't even curl. In the aftermath Ryan Sleevi wrote a really great blog post not just about the issue of this one certificate's expiry, but the problem that so many TLS implementations have in general with certificate path building.
https://netflixtechblog.com/revisiting-bettertls-certificate-path-building-4c978b79843f