This is usually due to not providing the chain (intermediate) certificate, which establishes that Let’s Encrypt is authorized to issue trusted certificates. If you’re using Certbot, the chain certificate is found in chain.pem and is also included in fullchain.pem. If you’re using only cert.pem in any application, your chain will be incomplete and the certificate will be rejected by at least some clients.