As documented here:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
Since DST_Root_CA_X3 expired on September 30th, any kind of HTTPS hook against a Let's Encrypt HTTPS host is failing with "HTTP 60" in the HEAD log and an empty BODY log.
I managed to figure out this is to be fixed in rARC, specifically in resources/ssl/default.pem; but I'm unsure as to how that file was being maintained / generated. Hopefully somebody else knows and can chime in.
In the meantime I symlinked my (FreeBSD) system's CA bundle with:
ln -s /usr/local/share/certs/ca-root-nss.crt ${ARCANIST}/resources/ssl/custom.pem
which fixes the issue for me, but someone else is likely going to run against this issue.