Firefox SSL error - but not chrome/safari!! OCSP stapling seems the issue!!

Discussion in 'ISPConfig 3 Priority Support' started by craig baker, Dec 6, 2025.

  1. remkoh

    remkoh Well-Known Member HowtoForge Supporter

    I already told you there is no full chain supplied in your certificates.
    Even though firefox now shows the full chain, unlike before, checking askcappelletti.com with openssl only returns the certificate itself and does not contain the full chain. Unlike my own certbot certificates.
    So firefox most likely now builds the chain by itself. Nowadays most browsers are able to do so but not all.
    You'll have to look into your own server to find out why certificates don't contain the full chain.
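
The openssl check described in the post above, turned into a repeatable test (an added example, not part of the original thread): it parses the "Certificate chain" section of `openssl s_client -connect HOST:443 -servername HOST -showcerts` output and reports whether the server sent only the leaf certificate. The two sample outputs and all names in them are constructed.

```python
import re

# Constructed `openssl s_client -showcerts` excerpts (hypothetical names, PEM bodies omitted).
LEAF_ONLY = """\
Certificate chain
 0 s:CN = www.example.test
   i:C = XX, O = Example CA, CN = Example Intermediate E1
---
Server certificate
"""
FULL_CHAIN = """\
Certificate chain
 0 s:CN = www.example.test
   i:C = XX, O = Example CA, CN = Example Intermediate E1
 1 s:C = XX, O = Example CA, CN = Example Intermediate E1
   i:C = XX, O = Example CA, CN = Example Root X1
---
Server certificate
"""

def parse_chain(s_client_output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, in_chain = [], False
    for line in s_client_output.splitlines():
        if line.strip() == "Certificate chain":
            in_chain = True
        elif in_chain and line.strip() == "Server certificate":
            break
        elif in_chain and (m := re.match(r"\s*\d+ s:(.*)", line)):
            chain.append([m.group(1).strip(), None])
        elif in_chain and chain and (m := re.match(r"\s+i:(.*)", line)):
            chain[-1][1] = m.group(1).strip()
    return [tuple(c) for c in chain]

def chain_status(s_client_output):
    """Classify what the server sent during the TLS handshake."""
    chain = parse_chain(s_client_output)
    if not chain:
        return "no-certificates"
    if len(chain) == 1 and chain[0][0] != chain[0][1]:
        return "leaf-only"  # no intermediate sent; clients must fetch or cache it
    for (_, issuer), (subject, _) in zip(chain, chain[1:]):
        if issuer != subject:  # each issuer should be the next certificate's subject
            return "misordered-or-gap"
    return "chain-sent"

if __name__ == "__main__":
    for name, sample in (("leaf only", LEAF_ONLY), ("full chain", FULL_CHAIN)):
        print(name, "->", chain_status(sample), parse_chain(sample))
```

A "leaf-only" result usually means the web server is configured with the certificate file alone instead of the full-chain file the ACME client also writes.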
     
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    No problem with firefox browser on my end. No complaints. Though I am not sure why yours is still using RSA and not ECC LE certs.

    Perhaps, I guess, you are using a very old certbot-auto. Newest certbot, via apt or snap, should not have those compatibility or security issues, but yours I don't know, as it logged that. I don't think that new ISPConfig automated install will even use that certbot-auto, so I'd remove that totally, and install either apt or snap certbot, that is if you still want to use certbot, safely and efficiently.

    OR, maybe you just don't reinstall latest certbot, and let ISPConfig install acme.sh for you, which is easier and more user friendly, though transition is a little bit, but not so very, tough I'd say, but very workable.
     
