I myself am not getting any error in the latest Chrome on windows, interestingly enough, neither in incognito nor normal mode. Either way, I looked at the way Porkbun is doing this and they seem to generate a certificate for each and every domain. So this is not a quick fix, since it affects infrastructure as well (and there's some challenges around generating a lot of free certs), but we'll be looking at a solution.