Hi _az,
Bingo !
I imported your .der file to my java jdk1.7.0_11 trust store and the problem is solved !
I can access files on https://www.kreator.ch from my Windows eclipse environment.
I hope that my tries to import my own certificate instead of the DST Root CA X3 will remain secret 
Just for my understanding: how did you generate trustidrootx3_chain.der file ?
I did some tries on my own to generate it via Chrome from https://letsencrypt.org/certificates/ and https://valid-isrgrootx1.letsencrypt.org/ and none of them worked.
Now, if you still support me, we could go to the main course.
My initial problem was, and still is, Problem updating ACME TLS-SNI-01 to alternative validation method
Despite the help of @rg305 we were not able to solve this issue. Beginning of February we had a tough and stressfull night (we were in my production environment !) trying to update but we failed. Fortunately @rg305 helped me to regenerate the “old fashion (certbot v 0.28)” certificates.
This certificate expires on May 2, 2019.
In order to avoid another nightmarish night like the one we had with Rudy, I decided not to try to fix this issue in production anymore.
I acquired another hosting and an another dns (kreator2.ch) and will reproduce a brave new environment for my web application.
I will try there to install Let’s Encrypt certificates with an alternative validation method.
For sure I will fail 
Can I come back to you in a couple of days to take advantage of your experience in order to try to fix this issue ?
Thanks for your help so far and I hope you will not “let me down” 
Kind regards.