Did you run that
openssl pkcs12 command from the right directory? Because your server is sending an intermediate certificate, but it’s an old one:
Let's Encrypt Authority X1.
Currently, Let’s Encrypt is using
Let's Encrypt Authority X3. Subtle difference (1 -> 3), but very important.
So the question is: where did the
chain.pem used by you for your
openssl pkcs12 command come from? Did you run it from the
Although it could also be an IIS problem. I can remember trouble with the intermediate certificates and IIS. But I don’t know any more than that, you should be able to find more on this forum about it.