After changing SSLCertificateChainFile to signed_chain.crt
SSLCertificateFile /etc/univention/letsencrypt/signed_chain.crt
SSLCertificateKeyFile /etc/univention/letsencrypt/domain.key
SSLCACertificateFile /etc/univention/ssl/ucsCA/CAcert.pem
SSLCertificateChainFile /etc/univention/letsencrypt/**signed_chain.crt**
the command
openssl s_client -connect ucs.<mydomain>.de:443
shows no error anymore.
But yesterday I found out, that Letsencrypt issued new root- and intermediate certificate in September 2020.
I don’t know, how UCS verifies the certificates but it seems, that the validation procedure in the Letsencrypt-App is outdated.