Did you set up Apache with LetsEncrypt? I recently had the same issue, and managed to solve it by modifying the LetsEncrypt SSL configuration file.
No doubt you have seen this snippet by now:
<IfModule mod_headers.c>
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>Add that to the 000-default-le-ssl.conf (mine was located here: /etc/apache2/sites-available/), under this line:
“Include /etc/letsencrypt/options-ssl-apache.conf”
Caution – I’m a bit of a newbie, too. If an expert could weigh in, that’d be great.