Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I believe you have a typo of the domain name in your post. I think you meant americanlabrescue.com - not amercian...
Assuming that, the chain you serve is the so-called 'short-chain' ending with the ISRG Root X1. Nothing inherently wrong with that but it will exclude older Android clients and certain others.
As to the problem in the title of your post, I am not an Apple expert but there are apparently problems with older OS X. The below post by a Lets Encrypt Engineer explains that. If that is not helpful, please provide more details about the version of the clients OS and browser having problems reaching your site.
so it looks like the only fix is a manually intervention...
Our clients are not going to be happy with that solution. Is it possible to tweak the auto script that our hosting company is using to automate the Let's Encrypt every 90 days? We have a dedicated server.
Hi Seth,
Thanks for reaching out to me. I'm not sure if it's a "short chain" on the server or not but I can find out from the server support folks. Not sure if this helps or not but I took a screen shot of the different levels of the SSL. Is possible that I should try a different level?