I just created a second certificate and everything worked fine this time, including the intermediate certificate. Why? I have no idea.
For the record:
- Windows Updates: yes, of course, Windows Server 2016
- This is one of a few servers responding to www.mydomain.com, but using DNS for authentication probably gets around this problem.
- The first time I did it, the DNS authentication information was presented to me in a grayed out side panel where copying for pasting was not permitted. That was…confusing. I hope you find a better way to present that to people.
- If I can help you troubleshoot something here, let me know.
But thanks everybody!