I am not sure this is the perfect solution or not but I fixed it by 2 parts.
Part 1. Set the server to use short chain as the valid example by let's encrypt ("https://valid-isrgrootx1.letsencrypt.org")
1.1. update certbot to latest version from Certbot - Ubuntufocal Nginx
1.2. renew or set certbot with
sudo certbot -d your domain --preferred-chain "ISRG Root X1"
1.3 check result by
openssl s_client -connect valid-isrgrootx1.letsencrypt.org:443
the result should be like:
Certificate chain
0 s:CN = valid-isrgrootx1.letsencrypt.org
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
Part 2. Set flutter to know ISRG Root X1 by
ByteData data = await rootBundle.load('assets/ca/isrgrootx1.pem');
SecurityContext.defaultContext.setTrustedCertificatesBytes(data.buffer.asUint8List());
Put these code in main or first loading app part
isrgrootx1.pem is ISRG Root X1 pem file
link: https://letsencrypt.org/certs/isrgrootx1.pem
For part 2 I think because flutter or dart does not load .pem file as it should from here: