Since the recent news of Mozilla distrusting WoSign (and consequently StartCom, where we got our certificates), we had issues with some very recent browsers saying that the issuer was no longer trusted.
So today we switched to Let's Encrypt for all of our websites:
The XMPP server still runs on a StartCom certificate, it will do for our app because root certificates are incorporated in the package, so for new certificates we'd have to release a new version. Next beta will have this change.
Sorry for the trouble people, and Merry Christmas.