Excellent. Much progress.
The redirection certbot sets up is for redirecting http requests to https. And, that is working. Those are the "if" statement in your http server (the listen 80 one). You can add a redirect to your https server (listen 443). If you want help with that let us know what your preferred domain name is (www or not basically).
Your cert looks fine to me. For example, see this test SSL Decoder site. Click on the error icon in FF and show the details.
There are a couple more items to check but let's start with those two.