As title says - so why?
→ Certificate is Let’s Encrypt
More here: ERR_SSL_KEY_USAGE_INCOMPATIBLE on Windows 10 Pro x64 IIS with most current updates · Issue #692 · webprofusion/certify · GitHub
Disabling the option shown in picture has solved it, but I don’t know why I need to set some custom settings here? (IMO: the Certify application should do that - if necessary)
Thank you very much for your feedback(s)
Best regards
Jan
Are you using an intranet hostname? I haven’t seen this reported by any other users but it appears Chrome & Edge have introduced a policy change which causes this:
When Let’s Encrypt issues a certificate it has a set of “key usage” flags set to say what things the certificate can be used for. Currently these are “Digital Signature, Key Encipherment” however it looks like the Chrome/Edge policy change enforces non-RSA key types.
To fix that try changing the private key type under Certificate > Advanced > Signing & Security > CSR Signing Algorithm and set it to ECDSA P-256, then click Request Certificate to order your certificate again with a new key.
Thanks, but I don’t find that option in GUI: < Certificate > Advanced > Signing & Security > CSR Signing Algorithm>
Is it in Certify GUI or in IIS windows settings?
Got it - now it works with enabled [default] SNI option
Great! Glad you got it working, it may be useful for others who find the same problem too.
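Added example (not part of the original thread, and not Certify's own code): a PowerShell check to run on the IIS host that lists each certificate in the machine store with its public key algorithm and Key Usage flags, so you can confirm what the re-requested certificate actually carries. The store path `Cert:\LocalMachine\My` and the function name `Get-CertKeyUsageReport` are assumptions for illustration.

```powershell
# Added example: report key algorithm and Key Usage flags per certificate.
# Assumption: the certificate bound in IIS lives in Cert:\LocalMachine\My.
function Get-CertKeyUsageReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # The Key Usage extension is optional, so look it up by type.
        $keyUsage = $Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] } |
            Select-Object -First 1

        [pscustomobject]@{
            Subject      = $Certificate.Subject
            Issuer       = $Certificate.Issuer
            # "RSA" for RSA keys, "ECC" for ECDSA keys such as P-256
            KeyAlgorithm = $Certificate.PublicKey.Oid.FriendlyName
            # e.g. "KeyEncipherment, DigitalSignature"
            KeyUsage     = if ($keyUsage) { $keyUsage.KeyUsages } else { 'extension absent' }
            NotAfter     = $Certificate.NotAfter
            Thumbprint   = $Certificate.Thumbprint
        }
    }
}

# Newest certificates first, so a freshly re-requested one appears at the top.
Get-ChildItem -Path Cert:\LocalMachine\My |
    Sort-Object NotBefore -Descending |
    Get-CertKeyUsageReport |
    Format-List
```

After re-requesting with ECDSA P-256 as described above, the newest entry should show `KeyAlgorithm` as `ECC`; compare its `Thumbprint` with the one on the IIS site binding to make sure the site is serving the new certificate.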