Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It sounds like your TV Browser does a poor job of validating certs. You could consider using the "short chain" for Let's Encrypt. Or, you may have to switch to another free CA which your TV understands.
The "short chain" is selected using the --preferred-chain 'ISRG Root X1' on your certbot command line. You could also manually remove the last cert in the "fullchain.pem" as a test. That gives the same effect as the "short chain"
The --preferred-chain option needs Certbot v1.12 or later.
The use of the "short chain" has some tradeoffs. The "long chain" has an extra intermediate cert DST Root CA X3 to provide compatibility with older Android systems. If your websites also need to support these older Android (in addition to your TVs) you will need to use another Certificate Authority. See topics below
In this case @Bruce5051 mentioned earlier in the thread that 0.40.0 is an old version of Certbot (something you often mention in threads when people are using this version). You're both certainly right that this is a very old Certbot version, but people reading that information may have to guess why it was mentioned. In this case I imagine @rbl.schwarz may have thought that old versions of Certbot somehow produce less compatible certificates, which is not the case but doesn't seem like an unreasonable thing for someone to guess!
Upgrading to a newer Certbot can definitely be useful, but it might be helpful to mention the upshot of using an old Certbot version so that people don't have to speculate. E.g. something like
0.40.0 is a pretty old Certbot version (though it may be the newest one available from your OS package manager); while this is probably not related to your current problem, there may be reliability benefits in the future from upgrading to a newer version.
0.40.0 is a pretty old Certbot version (though it may be the newest one available from your OS package manager); upgrading to a newer version might make it more likely to understand your web server configuration properly, and so more likely to successfully obtain and install the certificates in your web server automatically.
Well, if the short chain is working, ISRG Root X1 must be in its trust store.
I think Chrome can get updates to its security components separately from its main version number, and often uses its host operating system trust store, though I don't have any idea how any of that works on an embedded device like a TV.