Welcome to Headwind MDM Q&A, where you can ask questions and receive answers from other members of the community.
Please do not post bug reports, missing feature requests, or demo inquiries. If you have such an inquiry, submit a contact form.
Since February 2024, LetsEncrypt officially uses its self-signed certificate ISRG ROOT X1 which is unknown to older devices, and since October 2024, their legacy (cross-signed) certificate is retired. See details here: https://letsencrypt.org/certificates/
Unfortunately LetsEncrypt officially doesn't support legacy Android devices any more. See details here: https://community.letsencrypt.org/t/shortening-the-lets-encrypt-chain-of-trust/201580
To support older devices, we recommend purchasing a commercial certificate by one of providers and install it to Headwind MDM. We recommend GoGetSSL: https://www.gogetssl.com
If the issue persists, ask the provider for existing cross-signed certificates for its root certificate and include them into your keystore file. For example, here's the list of cross-signed certificates for GlobalSign: https://support.globalsign.com/ca-certificates/root-certificates/globalsign-cross-certificates
For example, if your root certificate is GlobalSign R6 (untrusted on older devices), then add the cross-signed certificate 'R6 signed by R1'.