Your site isn’t publicly reachable, so I was unable to confirm this, but issues like this are typically due to missing intermediate (chain) certificates. Intermediate certificates help HTTP clients build a trust chain back to a trusted root certificate. Browsers like Safari tend to cache these from other sites you visited, or might even be able to fetch them automatically, but other HTTP clients often don’t to anything like that.
You can verify this using openssl with something like this: /usr/local/opt/libressl/bin/openssl s_client -connect mastodon.at:443 -showcerts | grep "s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3"
If grep doesn’t find that string, you’re not sending the intermediate certificate.
The remediation steps depend on your web server and the ACME client you used. If you use certbot, make sure that you use either fullchain.pem somewhere in your web server confiugration, or both cert.pem and chain.pem. You can get instructions for your web server (and its exact version - there are differences with apache, for example) using Mozilla’s SSL Configuration Generator. If you can (temporarily) open your web server to the public and use port 443, SSL Labs will also be able to point out various possible configuration issues.
If none of this helps, is there a way for you to get more detailed logs/a stack trace from your app?