Hrrmf. That's the catch-all. It happens often yes, but as a naive Letsencrypt user I could imagine other possibilities:
stupid idea 1
could the database update at the certificate transparency logs take some time ? AFAIK there are not transactional database a la Postgres, maybe there is a batch processing that only runs at some time interval.
From
Periodically, perhaps once an hour, a log server appends all of its newly acquired certificates to the log
stupid idea 2
could the user system have a time problem ?
SCT validation status: valid
Signed Certificate Timestamp:
Version : v1 (0x0)
Log : Cloudflare Nimbus2019 Log
Log ID : 74:7E:DA:83:31:AD:33:10:91:21:9C:CE:25:4F:42:70:
C2:BF:FD:5E:42:20:08:C6:37:35:79:E6:10:7B:CC:56
Timestamp : Jun 21 11:23:03.569 2019 GMT
so a log has a timestamp, what if for the browser the timestamp is in the future ? it may be considered not valid.