If you are affected, and Android 7.1 and older is not able to connect with your server,
check on SSL Server Test (Powered by Qualys SSL Labs) if your Let’s encrypt Root CA X3 is expired:
DST Root CA X3 Self-signed
Fingerprint SHA256: 0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739
Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=
RSA 2048 bits (e 65537) / SHA1withRSA
Valid until: Thu, 30 Sep 2021 14:01:15 UTC
Weak or insecure signature, but no impact on root certificate
SOLUTION: choose in menu for your domain ssl-tls and tab “edge-certificates”. Here click “Order advanced certificate” and choose the one from DigiCert. And remove the let’s encrypt one from your domain.
You are welcome!