Please CLICK on the item your arrow is pointing at and take a screenshot of the window which will appear.
We saw the "Not secure" message on your first screenshot, but we need the window that appears when you CLICK on it. Drawing arrows doesn't help with that to be honest.
Might be failing for a different reason. And, the "fix" for Safari would be different than for your client using Win7 and Chrome. But, for iPhone 5S, what version of iOS has that phone been updated to?
Let's Encrypt had its DST Root CA X3 certificate expire on Sept30. It is still part of the default chain (the "long chain") and is what your server uses. This was done to provide best support for older Android devices but other older devices may not work as well. If you need to support a wide variety of older clients you might be better off switching to a different Certificate Authority (CA). Something like ZeroSSL or another free CA.
Per @webprofusion
Browse to this site using Google Chrome: https://valid-isrgrootx1.letsencrypt.org/ in chrome, then go back to your site and see if it works. (Note he suggested the Win7 machine might be missing ISRG Root X1 in your thread earlier).
If that does not work, try these instructions@mel_mel posted. It is more complicated and read through the posts following it for full explanation. It sounds like you can not, and probably should not, load the intermediate cert but follow the rest of instructions.
The final option is to switch to a different ACME Certificate Authority (there are a couple of major ones: Automated Certificate Management Environment - Wikipedia), the benefit of doing that can be that the alternative certificate authority may have an more widely trusted root certificate. You would need to test. This is especially useful if you are trying to support a wide range of old client software (windows 7, old iOS, old Android etc).
What kind of solution do you mean? The ISRG Root X1 certificate is accepted in major root certificate stores for more than 5 years now. Let's Encrypt has decided to switch over to this root certificate without a new cross-sign: they have to be on their own without "assistance" of cross-signed roots some day. Only for Android there was a possibility to use a cross-signed cert of the already used (and now expired) root certificate from IdenTrust. But that is a very specific exemption which was only possible for a specific, but large group of users (older Android). No such highly specific situation is possible for other users.
Actually, within the next few years other CAs will start to have the same problem as their various old root certs expire. ZeroSSL stuff will stop working for old operating systems in 2029, which is obviously quite some time away.
Switching over to root certificate without a new cross-sign
So even a safe user from old browser would not be able to visit a lets-encrypt issued ssl website