The reason of this issue is here => https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
So basically we can just remove the expired cert from the ssl cert file as suggested here => https://www.linuxadictos.com/en/ya-iniciaron-los-problemas-generados-por-el-certificado-dst-root-ca-x3.html
My ssl cert file is located in /etc/ssl/cert.pem. I just need to look for the expired cert and comment it out.
Since Im using ruby 2.3.1 which is using openssl 1.0.2t and I dont want to recompile it, I can use the env var SSL_CERT_FILE to tell which ssl cert i want to use in ruby runtime.