Amazon Linux AMI does not trust the new ISRG Root X1 root CA.
Amazon Linux AMI is EOL which is probably why they are not getting the security updates needed to be compatible with ISRG Root X1. But there are many customers still using it, I've seen a few support cases opened in the last few days on this and there could be more.
Some AWS lambda services are still hosted on Amazon Linux AMI, see https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html.
Can we add a section in this doc similar to the "Hard-coded Certificate Authority" and the "Java user" section to warn people that if they are on Amazon Linux AMI they should migrate before September to Amazon Linux 2 which supports ISRG Root X1.