@jtoelle, see above - a check with non-SNI capable agent may result in receiving a wrong certificate from the default host. However, considering that your domain is sitting behind Cloudflare with Comodo certificates, how exactly that is related to Let’s Encrypt? You should probably try productforums.google.com, where such problems have been already discussed many times.