The problem is that the FreeToastHost server is configured to send back the wrong intermediate certificate in the chain. This article explains Let’s Encrypt’s new root and intermediate certificates:
letsencrypt.org/2020/09/17/new-root-and-intermediates.html
You can verify that the FreeToastHost server is incorrectly sending back the X3 intermediate certificate, even though it’s supposed to be sending back the R3 intermediate certificate here:
www.sslshopper.com/ssl-checker.html
As it says on that page,
“The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate”
Although some implementations have some flexibility when verifying certificate chains, Apple is not at fault here. They are validating the chain properly. The correct way to fix this is to ensure the FreeToastHost server sends back the correct R3 intermediate certificate.
Let me know if you have any questions or need me to clarify further. As always, thank you for your work on FreeToastHost!
