After some fiddling I managed to get Let’s Enrypt SSL Certificates working on my Mac Mini Server running the latest copy of El Capitan. I have set up an alias for the .well-known folder to circumvent the problem that the built in Apache server did not serve the hidden folder and a cron job which updates the certificate on a regular basis. All I have to do is manually switch from on certificate to the next in the server app every other month.
This setup works fine for my websites and webservices I have set up using the server app (calender, contacts, etc.).
Then I have tried to use the certificate to enable RADIUS authentication in conjunction with my airport base-station for my household members. Setup worked fully automatic and smooth via the server app. When I log in using RADIUS authentication using my macbook, this works fine. I get to see the certificate once to confirm it and it works. There is no error of complain from OS X concerning the certificate.
When I try to log-in the same way using an iOS device, I get a message that the certificate is not trusted. Does anyone have an idea why this might happen and what to do about it? Is someone else using LE for RADIUS services? I could continue and agree to use the untrusted certificate until it is renewed - but that would not solve the underlying problem…
Thanks a lot for you help!