Finally get some time to fix the certificate issue. Long story short, I was using StartCom's StartSSL Class 1 as my root certificate authority. It is free and easy to use (until recently). Chrome had decided not to trust this company due to some issues a while ago but I never paid attention to it. And recently the update of Chrome browser had decided to not trust my website due to this and said
Your connection is not private
Blah blah blah. In short, that treated my site as a potential malicious site.
But my stuff are all legit and do no harm to anyone.
So I now switched to Certbot. I will write some details about switching to Certbot shortly.