To be clear I had run openssl on the site to get the certificate information
openssl s_client -connect {MyWebsiteUrl}:443 -servername {MyWebsiteUrl} -showcerts
And this was the AI answer
What the output says (short)
Your server is sending the leaf certificate and the Let’s Encrypt R13 intermediate.
Verify return code: 20 (unable to get local issuer certificate) — OpenSSL could not find a trusted issuer for the intermediate (ISRG Root X1) in its local trust store or could not build a complete chain to a trust anchor.
In practice this means the certificate chain your server presented is incomplete or not usable by the client (or the client’s trust store is missing the needed root). Some clients (browsers/OS combos) will tolerate this or fetch missing intermediates themselves; others (Brave in your case) show “Not secure”.
Most likely cause
You are not serving the full certificate chain in the form browsers expect. With Let’s Encrypt you must serve the full chain (leaf + intermediate(s)) — the file commonly called fullchain.pem. If you only configured the server with the leaf certificate file (or with a wrong file/order), some clients will fail to validate.
Normally I would hate to post generated information but I don't have anything else to go on at the moment