Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Thanks @Osiris ! Just am a bit confused my server is latest version Home Assistant Arm Linux on a Pi so not Android. As clients am using Ubuntu 20 and IOS 15 so relatively new hard- and software. Any idea what I can do to upgrade the expired root cert ?
Why would you want to? There's no such thing as upgrading the expired cert. The only thing possible is to serve the "short chain", but unless you're running into actual issues (and not some website telling you stuff about the chain) I would advice against that.
Your certificate chain is OK in the sense that it's the expected default chain for Let's Encrypt. Some/most software that integrates Let's Encrypt certificates can let you optionally choose the newer ISRG Root X1 as your preferred chain/issuer.
You mentioned nginx so I assume you are proxing back to home assistant internally and using nginx as your https front end. If so you are probably using Certbot to manage your cert?
My own HA on a Raspberry PI (using the docker based Home Assistant OS) runs Python/3.10 aiohttp/3.8.1 as the server, not nginx, which is why I'm assuming you went to extra effort to use nginx as your web server.
[As an aside, you can use Tailscale for remote access instead of running a public server]