Common browsers will prompt that SSL certificates are not trusted for the following reasons:
First, the SSL certificate expires.
SSL certificates have an effective date. At present, the longest validity period of SSL certificate is 2 years, so be sure to pay attention to the expiration time of SSL certificate.
Second, SSL certificates come from untrusted CA organizations.
CA organization is the issuing authority of certificates. Anyone can issue a certificate. We can issue certificates to our own websites or install our own certificates for others. This certificate is completely free, as long as you know something about it, but it is not trusted by other clients by default. Usually, the client will prompt "This certificate comes from an untrusted CA institution".
Third, the client does not support the SNI protocol.
This will happen in general Windows XP systems, and versions below Android 4.2 will also appear. Most of the reasons are that these systems are too old, and the number of people currently using them is very small, so it is not recommended for everyone to use them. Most of these older systems don't support the SNI(Server Name Indication) protocol, but at present, the mainstream operating systems all support this protocol, so you don't have to worry too much.
Fourth, SSL certificate installation is incomplete.
The application and installation of SSL certificates are generally prone to mistakes at the first time, so you can seek professional help.