Certs issued by CN=R3 are not recognized

Hello @pmastren,

It is a bit strange that you are testing your server by pointing to IP 98.129.228.59 instead of the IP resolved by your DNS, but... the problem is that you are not serving the Let's Encrypt chain in your Apache conf, so you are not serving the intermediate cert (R3):

$ echo | openssl s_client -connect 98.129.228.59:443 -servername s.hdnux.com -showcerts 2>/dev/null | grep '^ [0-1]'
 0 s:CN = s.hdnux.com 

If you were serving the intermediate certificate you should see one more line:

 1 s:C = US, O = Let's Encrypt, CN = R3

If you paste your Apache conf, we could show you the right conf.

Edit: I didn't see you were using Apache 2.4.7, so in this case you should have a line like this in the VirtualHost where you are defining the SSL directives:

SSLCertificateChainFile /etc/letsencrypt/live/s.hdnux.com/chain.pem

Cheers,
sahsanu

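The check described in the post above, extended into a reusable test, as an added example that is not part of the original post: it reads `openssl s_client -showcerts` output and reports whether the server sent only the leaf or a linked chain. The function names `chain_status`, `sample_leaf_only` and `sample_with_r3` are hypothetical, and both sample outputs are constructed.

```shell
# Added example: classify the chain a server sends, from `openssl s_client -showcerts` output.
# chain_status and the sample_* functions are hypothetical names; the sample output is constructed.

# Reads s_client output on stdin and prints one of:
#   no-cert      no " N s:" line found
#   leaf-only    only depth 0 was sent (intermediate missing, as in the post)
#   broken-link  a certificate's issuer is not the subject of the next one sent
#   chain-ok     every issuer matches the next subject
chain_status() {
    awk '
        /^ *[0-9]+ s:/ { n++; sub(/^ *[0-9]+ s:/, ""); sub(/[ \t]+$/, ""); subj[n] = $0; next }
        /^ +i:/        { sub(/^ +i:/, ""); sub(/[ \t]+$/, ""); iss[n] = $0 }
        END {
            if (n == 0) { print "no-cert"; exit }
            if (n == 1) { print "leaf-only"; exit }
            for (k = 1; k < n; k++)
                if (iss[k] != subj[k + 1]) { print "broken-link"; exit }
            print "chain-ok"
        }'
}

# Constructed sample: the server sends only the leaf certificate.
sample_leaf_only() {
    cat <<'EOF'
Certificate chain
 0 s:CN = s.hdnux.com
   i:C = US, O = Let's Encrypt, CN = R3
---
EOF
}

# Constructed sample: the server also sends the R3 intermediate.
sample_with_r3() {
    cat <<'EOF'
Certificate chain
 0 s:CN = s.hdnux.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
---
EOF
}

# Live use (HOST and NAME are placeholders):
#   echo | openssl s_client -connect HOST:443 -servername NAME -showcerts 2>/dev/null | chain_status
echo "leaf only:  $(sample_leaf_only | chain_status)"
echo "with R3:    $(sample_with_r3 | chain_status)"
```

A `leaf-only` result means clients that do not already have the intermediate cached cannot build a path to a trusted root, which is why the certificate appears unrecognized.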