My Let's Encrypt certificate is valid, but I occasionally get a “Your connection is not private” error when accessing my site. This happens for all the domains where I have installed Let's Encrypt certificates, but for simplicity I will limit this topic to one domain.
It appears that the server occasionally serves an old certificate. When I refresh the browser, it serves the current valid certificate. Occasionally, I need to refresh the browser several times.
This issue first appeared last year. I have renewed the certificate several times, but the problem persists. I contacted Support of my hosting provider (Media Temple) several times, but they won't assist because Let's Encrypt is considered a "third party."
My thought is that they are clustering your site and some of the systems are using an old cert. Notice the expired cert encountered below.
Furthermore, not all systems are configured the same. Notice the ETag entry and then none.
Assuming your hosting service are the ones who manage the webserver (nginx in this case), then the certificate is also their responsibility, unless you are uploading it yourself.
It could be they have a set of load balanced web servers internally and one of them is misconfigured or out of sync.
You could work around the problem by moving your DNS to Cloudflare (free), which then by default can "proxy" your website (which would still be hosted with the same company), making it faster in different countries and also providing an automated certificate.
Also note that your website currently uses some fonts from Google which are loading via HTTP. You need to update that to load via HTTPS instead, otherwise some browsers will refuse to load the content or present the users with a mixed content warning.
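One way to confirm the out-of-sync backend theory raised in the replies above is to repeat the TLS handshake many times and tally which leaf certificate each one returns. This is an added example, not something posted by anyone in the thread; the function names and the sample observations are constructed for illustration.

```shell
#!/bin/sh
# Usage: sh probe.sh <host> [attempts]
# With no arguments it tallies the constructed sample below, so it runs offline.

# One handshake: print the served leaf cert's SHA-256 fingerprint and expiry on one line.
probe_once() {
  host=$1; port=${2:-443}
  openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 -enddate 2>/dev/null \
    | paste -sd' ' -
}

# stdin: one observation per line. stdout: "<count> <observation>", most frequent first.
tally() { awk 'NF' | sort | uniq -c | sort -rn | sed 's/^ *//'; }

# stdin: observations. stdout: number of distinct certificates seen.
distinct_certs() { awk 'NF' | sort -u | awk 'END { print NR }'; }

# Constructed sample: two handshakes hit a current cert, one hit a stale one.
SAMPLE='sha256 Fingerprint=AA:11 notAfter=Mar  1 00:00:00 2031 GMT
sha256 Fingerprint=BB:22 notAfter=Jan  1 00:00:00 2020 GMT
sha256 Fingerprint=AA:11 notAfter=Mar  1 00:00:00 2031 GMT'

if [ "$#" -ge 1 ]; then
  host=$1; attempts=${2:-20}
  for i in $(seq "$attempts"); do
    obs=$(probe_once "$host")
    echo "${obs:-handshake failed}"
    sleep 1   # spread the probes out so a balancer has a chance to pick another backend
  done | tally
else
  printf '%s\n' "$SAMPLE" | tally
fi
```

More than one distinct fingerprint in the tally for the same hostname, especially one whose `notAfter` is in the past, is concrete evidence to hand to the hosting provider that not every backend received the renewed certificate.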