Welcome back!
Did you know what’s (maybe) funny from other SSL testers I read from here? I tested my website on both platforms, apparently Immuniweb says cert chains are useless although the chain is correct without the older DST Root (it’s also questioned on Caddy forums). And for Hardenize everything checked fine except they’re still trusting the older DST Root cert for some reason. 