Thanks for an answer! Your experiment with
https://self-signed.badssl.com is not quite correctly represents my situation.
Let me explain all the conditions:
1) I created my own Certificate Authority (CA) with help of the tool mkcert (
https://github.com/FiloSottile/mkcert)
CA has it's own certificate files (private and public keys)
2) When I created certificate for my domain, signed it by my CA certificate
3) Of course, if at this time I try to open my domain in browser, it would complain about "Bad SSL Cert"
4) I add my CA certificate to my Android system
5) And now all the browsers trust my certificate.
Now, to reproduce this situation:1) I created NEW my own CA certificates.
2) I've generated certificate for domain
https://self-signed.mihanentalpo.me/3) If you open it in any browser you'll get error NET::ERR_CERT_AUTHORITY_INVALID
4) But if you install my CA certificate into your system, there will be no problem with this site.
Here is the CA certificate (sorry for lots of text)
-----BEGIN CERTIFICATE-----
MIIExTCCAy2gAwIBAgIQbzkfP+GbPPlDnYEnGyBrFzANBgkqhkiG9w0BAQsFADB7
MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExKDAmBgNVBAsMH21paGFu
ZW50YWxwb0BtaWhhbmVudGFscG9TZWNvbmQxLzAtBgNVBAMMJm1rY2VydCBtaWhh
bmVudGFscG9AbWloYW5lbnRhbHBvU2Vjb25kMB4XDTIyMDIxMjE3NTUyMFoXDTMy
MDIxMjE3NTUyMFowezEeMBwGA1UEChMVbWtjZXJ0IGRldmVsb3BtZW50IENBMSgw
JgYDVQQLDB9taWhhbmVudGFscG9AbWloYW5lbnRhbHBvU2Vjb25kMS8wLQYDVQQD
DCZta2NlcnQgbWloYW5lbnRhbHBvQG1paGFuZW50YWxwb1NlY29uZDCCAaIwDQYJ
KoZIhvcNAQEBBQADggGPADCCAYoCggGBAN5xpwjl98MPFj4CktRvdDIKSJ+A9ScF
AtSO7rve8Qz3LUA43yrUi01feST2WSnq1kcvkvRPAetydCPy7cAFx5E7DMCuY69P
7X+oYoB2u8sY1pl85tJSWy5J7voHc8q3HDm3kvlXobypnEAit6laPJI1q7xjpUXA
70rG5NqOowGgdaZCJTq0VUv6ZmXtOzwpW4GCeXMwEnvj3OGo1gkrIVqPWwSOYaqi
TDgBPgcJDyH3DdvyN4P/nOV20tygcF/5bux03JekLLjX6QVfEuYbSbLOlh+LD33S
nqfodmXWz3Ri8MEGfA74lV1yNcgRsVkG2+GEp8bEFKHGslotCxU9WQKuv8WuP9t9
e9ItDCa9NGO+5ZIAuStkhIf+w6WRjUPwd40NBBUsZxpbk7k+5TEqKkhoO6wUN7+5
rr8ex2xa/ulxJWWk8QtEDlR/B4Bsok8BbmWO9RaMPG+XZbD0XEVWzFxw4LQ136P+
zz1MbzMLJRa75pjYJED4d3jtdtOS74rjRQIDAQABo0UwQzAOBgNVHQ8BAf8EBAMC
AgQwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU+eUdio+i/GqKyMJN/JnC
dw62tTowDQYJKoZIhvcNAQELBQADggGBAIREnQshvFmunnzlmtZv9Bp8z6Nb9dU/
0wrD55GUZVBqUHK5zoq9C0BXljTJr04ZvWFZ6ebGouh4R7SbyoRJS6w1AEDcnb26
rSoXJ7SEV4Njfo5XH+iDWrS5IIYW+cy0QMS2rTNz14lkZhT5afsSHqvGBRi+NSjA
ObnYhqGi7zeonUWM4zFHpUBzfHZoHTTEkUd8SJMxlrle4l+eBd9UWzUypNDaZlBz
2H2YTbN844rL2lvqsdclfMwaixuCRlvvE7UuASrPPPVse9sedta5LHPNeUWOTS/u
yQ4qJsPdecfeVpfovePbsPlJyk+iiHKSVETAQFq8HOR845msm62f6UZ+dzuwgSYI
4SgIdn+QvXnmCYPR+zqxD/e/QYIyv3Pdadx4Hlcc9xMwbZS9M30A+lik5w4q6P6n
k/CKc80D5kmAYMmVCm0BF6pZw7fBfniIg8mkrTUa/4knF/TNbOi9OzCxZLU41NRg
VZ8k3eYI21/7gRKIvRsP5eELmnNtmXEUHQ==
-----END CERTIFICATE-----
5) It must be saved in some file with "pem" extension (for example), and uploaded to Android device
And then it should be added into your system as truster root certificate.
6) If you have Android 11 and newer installation is should be made as follows:
In Android 11, to install a CA certificate, users need to manually:
- Open settings
- Go to 'Security'
- Go to 'Encryption & Credentials'
- Go to 'Install from storage'
- Select 'CA Certificate' from the list of types available
- Accept a large scary warning
- Browse to the certificate file on the device and open it
- Confirm the certificate install
(Instructions taken for here:
https://httptoolkit.tech/blog/android-11-trust-ca-certificates/#whats-changed)
In other versions installation could be different.
7) After CA certificate is added to your trust store the site
https://self-signed.mihanentalpo.me/ should open normally from any android browser.
But not from Voice Aloud Reader.
Now, then I written all this Im starting to think that if even reproduction is so hard, why should you bother on the problem that somebody creates for itself...