This puzzled me for a little while: After setting up my Web sites with free Let's Encrypt security certificates, I suddenly noticed that my sites are not trusted by Chrome on my Android phone anymore.
I found the solution quickly enough. For some reason, Chrome on Android hates the idea of combining the certificate and the certificate chain into a single file.
When I initially set up my Apache server, I had configuration lines like this:
SSLCertificateFile /etc/letsencrypt/live/domain.tld/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
which I now changed into this:
SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/chain.pem SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
and presto, everything works again on Android.