Thanks.
I have no plan but at least it seems that it was common opinion that I had the wrong file configured...
I tried the ReportURI tool on the 3 fragments of the fullchain file:
cert 1:
Common Name: lechner.eu.com
Issued By: Let's Encrypt
Issuing Certificate: R3
Serial Number: 03C780BB642B55424C0A71276CB350B08AAB
Signature: sha256WithRSAEncryption
Valid From: 09:46:18 28 Oct 2022
Valid To: 09:46:17 26 Jan 2023
Key Usage: Digital Signature, Key Encipherment
...
cert 2:
Common Name: R3
Issued By: Internet Security Research Group
Issuing Certificate: ISRG Root X1
Serial Number: 912B084ACF0C18A753F6D62E25A75F5A
Signature: sha256WithRSAEncryption
Valid From: 00:00:00 04 Sep 2020
Valid To: 16:00:00 15 Sep 2025
Key Usage: Digital Signature, Certificate Sign, CRL Sign
Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication
Basic Constraints: CA:TRUE, pathlen:0
cert 3:
Common Name: ISRG Root X1
Issued By: Internet Security Research Group
Issuing Certificate: ISRG Root X1
Serial Number: 8210CFB0D240E3594463E0BB63828B00
Signature: sha256WithRSAEncryption
Valid From: 11:04:38 04 Jun 2015
Valid To: 11:04:38 04 Jun 2035
Key Usage: Certificate Sign, CRL Sign
Basic Constraints: CA:TRUE
no idea what all this means.
Can you say if the full_chain.crt is generated correctly?