Unfortunately there isn't a definitive source, only a bit of noise in the blogs for a few days. AFAIK it was difficult to pinpoint exactly which version of which program was the culprit, since people aren't free to install an arbitrary version of a government-mandated security program. Most website owners just got tired of the bullshit and bought a cheap Sectigo cert instead.
But the symptoms were very clear. Some program, at some point before ISRG Root X1 became included in Windows, had set the registry key \HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate to 1, when it should have been 0 by default.
I remember having seen a name being mentioned, but can't find the name now. The program was probably from a healthcare and/or welfare related website, since most of the complaints that came across my desk were from physicians, pharmacists, and welfare workers. No complaints at all from casual shoppers and bank users.
But the symptoms were very clear. Some program, at some point before ISRG Root X1 became included in Windows, had set the registry key \HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate to 1, when it should have been 0 by default.
I remember having seen a name being mentioned, but can't find the name now. The program was probably from a healthcare and/or welfare related website, since most of the complaints that came across my desk were from physicians, pharmacists, and welfare workers. No complaints at all from casual shoppers and bank users.