I've read these stuffs:
We've tried mobile data and different ISPs and the problem seems to persist.
https://maulwuff.de/research/ssl-debugging.html
https://serverfault.com/questions/872424/why-are-some-people-getting-a-connection-not-secure-page-when-accessing-my-serve
Would ssl pinning fix this issue of very few clients getting ssl error?
https://developers.wultra.com/components/ssl-pinning-android/1.3.x/documentation/
There is an option to install CA cert on android, but is it worth the hassle or is there something simpler and efficient?
Is the SSL error with an internal-facing webpage or an externally-facing one?
If the cert for the webpage depends upon reaching a particular CA server, then if a path between the CA server and the endpoint does not exist, the SSL operation will fail. If the cert for the webpage is from an internal CA server, then the root cert must be installed on the endpoint. If the cert is from a third-party commercial entity, then it is likely that the root cert is already installed on the endpoint, but if damaged will require re-installation.
What's the exact issue and errors observed?