Hello,
This isn’t related to the JWK thumbprint issue. This is simply a trust chain issue on your HTTP request to retrieve the JWK.
We use Let’s Encrypt certificates for your custom domain. OpenSSL is probably using your system certificate store, which is why the connection works there. It looks like your Java environment is missing the Let’s Encrypt root certificate.
Should I need to specify the certificate prior to connecting to https://{custom_doman}/.well-known/jwks.json on the server which is web service built by spring framework ?
Yes. Exactly how to do this depends on what you’re using for HTTP connections. If you’re using Spring there should be good documentation on how to specify a root certificate (hopefully it won’t involve using “keytool” because that is always miserable 
)