Problem: A newly setup web server with working https cert is not reachable by some people with a certificate error.
Discussion: After checking the cert info, you can see that the cert issuer is not the real one but FortiNet. The user is behind a FortiGuard firewall with WebFilter. Paranoid FortiGuard sysadmins may block “newly observed domain”, which is every domain Fortiguard does not have in it’s database. I strongly discourage blocking every thing which is unknown! If you bypass the cert error you can see this error:
Solution: Sysadmins should never block everything they don’t know, and users should put pressure on the sysadmins not to force their conservative paranoi on their users. You can also try to check and white liste the domain in the fortiguard reputation list: https://fortiguard.fortinet.com/webfilter https://www.fortiguard.com/faq/wfratingsubmit