Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
But do you have a question? You have a cert for that FQDN, and your server is serving that cert. HTTPS works and the hostname matches. If you're having a problem, please explain it in detail.
To add on this: if the first certificate issuance went fine, but there is some sort of problem, forcing a brand new certificate which will be just as fine as the previous certificate won't magically solve your problem.
If it did, we might use this magic to get world peace or something.
Is there anywhere on that error screen that allows you to look at the certificate it saw? That would be helpful to know.
Does this fail consistently on the same device? Or is it just occasionally from the same one? Can you run openssl on the command line from the device that fails?
I tried various testing tools and all of them consistently see your server using the correct cert and chain.
Sometimes an Apache worker gets stuck and using an older config or cert. You could try rebooting your server to rule that out. I didn't see any evidence of that happening but it might be worth trying. When odd things happen sometimes that helps.
If you have openssl I was going to instruct how to use that to check the cert your system sees. Windows by default does not come with openssl.
Usually those kinds of error screens offer a way to view the details of the cert the browser saw. You may have to click around or google the error for that browser.
Since your server looked consistent to me I'd guess you have some sort of "HTTPS Inspection" type firewall or antivirus looking at just some of your connections.
The error means the cert your browser saw doesn't have the domain name in it that you used in the URL. Either your server sent the wrong one (which I never saw) or something is getting in the middle of your conversation.
That is why finding the details about this cert is important. It will help identify what is doing that.
Using openssl to check might not even help. It might be something in the browser itself doing this (some plugin). Try a private or incognito window and see if you get same poor result. That might narrow down what part of your system is doing that.