If I understand it right, then has iOS problems sometimes to accept the Let's Encrypt Root certificate without the Trust center root certifcate. This is called chained certificate.
The Let's encrypt root certificate is available here: https://letsencrypt.org/certs/lets-encrypt-r3.pem
To create a chained SSL certificate with the Let's Encrypt certificate it is necessary to create or renew the certificate with certbot for example.
After receiving the new pem certificate file it must be extend with the R3 X1 Root certificate from Let's Encrypt.
This is easy by adding the pure certificate text string of the X1 root certificate after the certificate string withing the new pem Let's encrypt file.
In laradock I've done this by accessing the workspace container and extending the file below /certs/clients/cert1.pem
In my case I've copied the cert.pem file to cert.chained.pem and added the X1 root certificate after the first certificate string.
Then I've exchanged the ssl_certifcate value within the nginx config file.
Before:
server {
listen 80;
listen 443 ssl;
server_name www.example.com;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
}
After:
server {
listen 80;
listen 443 ssl;
server_name www.example.com;
ssl_certificate cert.chained.pem;
ssl_certificate_key cert.key;
}
Hints:
Certificate search: https://crt.sh/
Let's encrypt certificates: https://letsencrypt.org/certificates/
Configuring nginx HTTP: http://nginx.org/en/docs/http/configuring_https_servers.html
SSL Checker: https://www.sslshopper.com/ssl-checker.html