Enable TLS1.0 in Nginx, getting SNI errors, additional cert

Hi @adrianTNT,

I agree with SSL Labs in this case. The point of SNI is to allow a server to choose the appropriate certificate from among several certificates that it may possess in order to answer incoming TLS connections to a shared server. Without SNI, the server doesn’t know which site the client wanted to connect to, so it returns the default certificate.

That is the expected behavior of any site, and in the case of your site, the default certificate covers only *.tntcode.net, which doesn’t match www.apkfiles.com.

The only way to fix this while still supporting non-SNI-capable clients is to add multiple names to the same certificate. Let’s Encrypt will allow you to do this; you could, for example, get a single certificate for both *.tntcode.net and *.apkfiles.com. If that certificate is presented as the default one, clients will realize that it’s valid for either domain, and not reject it.

Otherwise, you will need to give up support for non-SNI-aware clients, or use a separate IP address for each domain name.

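The selection logic the reply describes, written out as a small simulation so the two failure modes can be checked side by side. This is an added example, not code from the thread or from Let’s Encrypt or Nginx: the `Certificate` records are constructed stand-ins holding only subjectAltName DNS entries, `select_certificate` models the server picking a certificate by SNI and falling back to the default, and `name_matches` implements RFC 6125-style wildcard matching (a `*` only as the whole leftmost label, matching exactly one label), which is also why `*.apkfiles.com` alone does not cover the bare `apkfiles.com`.

```python
"""Simulate TLS certificate selection with and without SNI.

Added example (not from the forum thread). The certificates below are
constructed stand-ins: each carries only its subjectAltName DNS names.
"""
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Certificate:
    label: str
    names: Tuple[str, ...]  # subjectAltName dNSName entries


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: a wildcard is only accepted as the entire
    leftmost label and matches exactly one label, so '*.example.com'
    covers 'www.example.com' but neither 'example.com' nor
    'a.b.example.com'. Comparison is case-insensitive."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(h_labels) != len(p_labels):
        return False
    return h_labels[1:] == p_labels[1:]


def cert_covers(cert: Certificate, hostname: str) -> bool:
    """True if any SAN entry on the certificate matches the hostname."""
    return any(name_matches(n, hostname) for n in cert.names)


def select_certificate(certs: Sequence[Certificate], default: Certificate,
                       sni_hostname: Optional[str]) -> Certificate:
    """Server side: with SNI, serve the first certificate covering the
    requested name; without SNI (None) or with no match, serve the default."""
    if sni_hostname:
        for cert in certs:
            if cert_covers(cert, sni_hostname):
                return cert
    return default


def handshake_result(certs: Sequence[Certificate], default: Certificate,
                     requested_host: str, client_sends_sni: bool) -> Tuple[str, bool]:
    """Client side: returns (label of certificate received,
    whether that certificate verifies for the host the client wanted)."""
    sni = requested_host if client_sends_sni else None
    cert = select_certificate(certs, default, sni)
    return cert.label, cert_covers(cert, requested_host)


# Constructed sample certificates mirroring the situation in the thread.
TNTCODE_ONLY = Certificate("tntcode-only", ("*.tntcode.net",))
APKFILES_ONLY = Certificate("apkfiles-only", ("*.apkfiles.com", "apkfiles.com"))
COMBINED = Certificate("combined", ("*.tntcode.net", "*.apkfiles.com", "apkfiles.com"))


if __name__ == "__main__":
    separate = [TNTCODE_ONLY, APKFILES_ONLY]
    # SNI-capable client: server picks the right certificate.
    print("with SNI, separate certs:   ", handshake_result(separate, TNTCODE_ONLY, "www.apkfiles.com", True))
    # Client without SNI: server returns the default, which does not match.
    print("without SNI, separate certs:", handshake_result(separate, TNTCODE_ONLY, "www.apkfiles.com", False))
    # One certificate carrying both names as the default fixes the non-SNI case.
    print("without SNI, combined cert: ", handshake_result([COMBINED], COMBINED, "www.apkfiles.com", False))
    print("without SNI, combined cert: ", handshake_result([COMBINED], COMBINED, "www.tntcode.net", False))
```

Running it shows the non-SNI client receiving `tntcode-only` for `www.apkfiles.com` and failing verification, while the combined certificate as default verifies for either name. Note the wildcard caveat: a combined certificate with only `*.apkfiles.com` would still fail for the bare `apkfiles.com`, so list the apex name explicitly if it is served.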