This puzzled me for a little while: After setting up my Web sites with free Let's Encrypt security certificates, I suddenly noticed that my sites are not trusted by Chrome on my Android phone anymore.

I found the solution quickly enough. For some reason, Chrome on Android hates the idea of combining the certificate and the certificate chain into a single file.

When I initially set up my Apache server, I had configuration lines like this:

SSLCertificateFile /etc/letsencrypt/live/domain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem

which I now changed into this:

SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem

and presto, everything works again on Android.