Traefik 1.7 as loadbalancer / ingress dns-01 / acme challenge not working

@dniem1 I don't know Traefik either. And, I don't see anything inherently wrong with your certs. You are serving the 'long chain' - same as this website. Your leaf was issued today (Oct 7). That said, some clients do not like the long chain (like older openssl).

You might try checking out the Traefik forum too. I saw this thread which talks of these issues and I am sure there are others.

That thread talks of the 'long chain' as the legacy chain and the 'short chain' as the modern chain. I don't agree with that categorization but just pointing it out.

Another thread in this forum said to be sure to use the 'short chain', but they do not explain why.

Any client validating the short chain needs ISRG Root X1 in their CA root store. That came out in 2015 but we have seen client stores this past week that do not have it.

It is difficult to be very specific. Your config is complex and few people here would be using it like you do. If you have an example failure to reproduce, it would be easier - like a failing curl or web request.

Sorry I cannot be more helpful.

Update: there is also this:

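Added example, not part of the original post: a Python check of whether a client's CA root store holds ISRG Root X1, which the post says any client validating the short chain needs. The function names and the two sample stores are this example's own, and the sample stores are constructed.

```python
import ssl
import time

ISRG_ROOT_X1_CN = "ISRG Root X1"  # root the short chain ends at


def common_name(name):
    """Return commonName from the nested-tuple name format of get_ca_certs()."""
    for rdn in name:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def check_short_chain_root(ca_certs, now=None):
    """Return (status, notAfter) for ISRG Root X1 in a list of CA cert dicts."""
    now = time.time() if now is None else now
    for cert in ca_certs:
        if common_name(cert.get("subject", ())) != ISRG_ROOT_X1_CN:
            continue
        # A trust anchor is self-issued; ignore a cross-signed copy of the name.
        if cert.get("issuer") != cert.get("subject"):
            continue
        not_after = cert["notAfter"]
        if ssl.cert_time_to_seconds(not_after) < now:
            return ("expired", not_after)
        return ("present", not_after)
    return ("missing", None)


def default_store_roots():
    """CA certs Python loaded from the system CA file (capath dirs are not listed)."""
    return ssl.create_default_context().get_ca_certs()


def _name(cn):
    return ((("commonName", cn),),)


# Constructed sample stores, not taken from any real client.
SAMPLE_OLD_STORE = [{"subject": _name("Example Legacy Root"),
                     "issuer": _name("Example Legacy Root"),
                     "notAfter": "Jan  1 00:00:00 2030 GMT"}]
SAMPLE_NEW_STORE = SAMPLE_OLD_STORE + [{"subject": _name(ISRG_ROOT_X1_CN),
                                        "issuer": _name(ISRG_ROOT_X1_CN),
                                        "notAfter": "Jun  4 11:04:38 2035 GMT"}]

if __name__ == "__main__":
    print(check_short_chain_root(default_store_roots()))
```

A "missing" result from the machine's own store only describes what Python loaded; a client using a different store (a JVM, a container image, an older openssl build) has to be checked against its own bundle.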