When we compare the SSL hadnshake between a client your domain, with that to one from "university.webflow.com" which uses X1 there is a difference in the certificates sent by the server during SSL handshake.
We see that for your test domain the server never sends the X1 certificate in the handshake (only the domain + R3), but for the webflow it sends the ISRG Root X1 and it lists is signed by DST Root CA (domain + R3 + ISRG Root X1). Your test URL works in old OpenSSL, Webflow does not.
Based on webflow.com they are following your instructions: "We have been following the advice from LetsEncrypt at OpenSSL Client Compatibility Changes for Let’s Encrypt Certificates which is to use their default chain. This is the one where Android phones and tablets can continue to work, but where older versions of OpenSSL will not."
The question is why cannot everyone do what you are doing for your test domain? Is this a misunderstanding of your instructions, or is your test domain not following the instructions you are providing to the community?