Hi Ran
This is the process I use
A) Download the Certificate and Open it up in windows or linux. Check the certificate has not expired.
B) Check what domains and IPs the certificate will protect. For example a certificate I issue may protect my HOSTNAME (test1.domain.com) and it’s pubic IP (x.x.x.x). If I am browsing from within my network I may use a different host name and IP (in which case the certificate will not be treated as valid)
C) In order for the certificate to work the client (whether its a browser or a java based client) needs to trust the certificate authority. This is done via what’s called an intermediate certifiacte. You can review which clients trust Lets Encrypt here: Which browsers and operating systems support Let’s Encrypt
D) You may need to install the Lets Encrypt Intermediate Certificates in your app/client for it to trust Lets Encrypt. https://letsencrypt.org/certificates/
So in short:
Make sure the certificate hasn’t expired
Make sure the hostname or IP you are using to browse matches whats in the certificate
Make sure you are using a client that trusts the Lets Encrypt Certificate Authority