Qualys SSL 測試報告該網域的第二個證書，但找不到它

當我透過 Qualys 進行 SSL 測試來運行我的網域時，其主要問題是為此網域安裝的第二個 SSL 憑證。但是，我已經查看了我能想到的所有配置，似乎無法猜測為什麼發送第二個憑證。

我在 Debian 10 buster 上使用 nginx（剛剛更新到 1.16.1），我的所有憑證都是由 Let's Encrypt 透過 certbot 提供的。

有問題的網域是 med.mydomain.de，它會報告該網域的憑證（標記為受信任）以及頒發給網域 app.mydomain.de 的第二個憑證（標記為不受信任） ）。

當我透過 SSL 測試器檢查網域 app.mydomain.de 本身時，它只會顯示一個 SSL 憑證。

這是 certbot 憑證的輸出：

Found the following certs:
  Certificate Name: app.mydomain.de
    Domains: app.mydomain.de
    Expiry Date: 2020-04-11 12:15:31+00:00 (VALID: 77 days)
    Certificate Path: /etc/letsencrypt/live/app.mydomain.de/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/app.mydomain.de/privkey.pem
  Certificate Name: backend.mydomain.de
    Domains: backend.mydomain.de
    Expiry Date: 2020-04-23 13:22:39+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/backend.mydomain.de/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/backend.mydomain.de/privkey.pem
  Certificate Name: med.mydomain.de
    Domains: med.mydomain.de
    Expiry Date: 2020-04-11 10:45:46+00:00 (VALID: 77 days)
    Certificate Path: /etc/letsencrypt/live/med.mydomain.de/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/med.mydomain.de/privkey.pem
  Certificate Name: rest.mydomain.de
    Domains: rest.mydomain.de
    Expiry Date: 2020-04-11 12:15:51+00:00 (VALID: 77 days)
    Certificate Path: /etc/letsencrypt/live/rest.mydomain.de/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/rest.mydomain.de/privkey.pem
  Certificate Name: webhook.mydomain.de
    Domains: webhook.mydomain.de
    Expiry Date: 2020-04-11 12:15:59+00:00 (VALID: 77 days)
    Certificate Path: /etc/letsencrypt/live/webhook.mydomain.de/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/webhook.mydomain.de/privkey.pem

這是全域 nginx.conf：

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    add_header X-Frame-Options "sameorigin";
}

這是相關伺服器的 nginx 設定：

server {

    root /usr/share/nginx/sites/w_backend/public;
    index index.php index.html;

    server_name med.mydomain.de backend.mydomain.de;

    location / {
        try_files $uri $uri.html $uri/ @extensionless-php;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.3-fpm-w_backend.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param FULL_DIRECTORY /usr/share/nginx/sites/;
                fastcgi_param GLOBAL_CONF_PATH /srv/conf/;
        include fastcgi_params;
    }

    location @extensionless-php {
        rewrite ^(.*)$ $1.php last;
    }

    listen 443 ssl;
    listen [::]:443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/med.mydomain.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/med.mydomain.de/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = backend.mydomain.de) {
        return 301 https://med.mydomain.de$request_uri;
    } # managed by Certbot
    if ($host = med.mydomain.de) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name med.mydomain.de backend.mydomain.de;
    return 404; # managed by Certbot


}

誰能給我一個提示，告訴我可以去其他地方尋找嗎？我可以檢查任何 certbot 選項嗎？