Universal SSL - invalid_request: additional_dns_name does not match any approved base domain

I have a domain that I have onboarded to Cloudflare and am serving through DNS. However, when it comes to issuing a universal SSL certificate it is not serving it. The error I am getting from Universal SSL is “invalid_request: additional_dns_name does not match any approved base domain”. And when requesting the page I get the error.

This site can’t provide a secure connection
fa-----(dot)com uses an unsupported protocol.
[ERR_SSL_VERSION_OR_CIPHER_MISMATCH]

When trying to request http, I get upgraded to https

I have attached screenshot of the DNS setup. The A record directs to the IP of a DigitalOcean droplet serving a wordpress instance.

Any help would be greatly appreciated.

Have you tried disabling Universal SSL at the bottom of the SSL/TLS tab, waiting a few minutes and enabling it again? That should restart the process and often helps.

How often does the cert attempt to be regenerated? I disabled and re-enabled Universal SSL but the cert generated has the same expiry date and same error.