Please elaborate.
I'm not seeing where I was off-point here. The OP was asking how to add "ISRG Root X1" to CP Trusted CA list because he thought it was missing and causes his problems.
Deamon and I were answering approprietly.
Later, OP edited his post and said that the "ISRG Root X1" was already there and the real problem is another.
You are just linking to the general information, that all people who forgot to update their CA chains (it whatever tools) despite the expiration of the old cross-signed chain was well known for many years.
Check Point did not forgot it (it was added to the provided updateFile.zip long ago), but due to the quite broken update mechanism, it was not so unlikly that OPs SMS did not have it installed yet. That was the whole point of my post.
Am I missing something?