This is usually due to not providing the chain (intermediate) certificate, which establishes that Let’s Encrypt is authorized to issue trusted certificates. If you’re using Certbot, the chain certificate is found in chain.pem
and is also included in fullchain.pem
. If you’re using only cert.pem
in any application, your chain will be incomplete and the certificate will be rejected by at least some clients.