Get a valid SSL Certificate for www domains via Traefik and Let's Encrypt

Using Digital Ocean, Traefik v1.7.18, Let's Encrypt and Docker Compose version 3 I was able to get an SSL certificate for my non-www wildcard domains and main domain. However, when I try to access https://www.ex.example.com I get an error page saying "Your connection is not private" with a NET::ERR_CERT_AUTHORITY_INVALID error.

How can I get my "www" domains to receive a valid SSL Certificate?

Here is my traefik.toml code

#debug = true

logLevel = "DEBUG"
InsecureSkipVerify = true 
defaultEntryPoints = ["https", "http"]

# WEB interface of Traefik - it will show web page with overview of frontend and backend configurations 
[api]
  entryPoint = "traefik"
  dashboard = true
  address = ":8080"

# Force HTTPS
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    minVersion = "VersionTLS12"

# Let's encrypt configuration
[acme]
email = "support@example.com" #any email id will work
storage="/acme/acme.json"
entryPoint = "https"
acmeLogging=true 
onDemand = false #create certificate when container is created
[acme.dnsChallenge]
  provider = "digitalocean"
  delayBeforeCheck = 300
[[acme.domains]]
   main = "example.com"
[[acme.domains]]
   main = "*.example.com"

# Connection to docker host system (docker.sock)
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
# This will hide all docker containers that don't have explicitly  
# set label to "enable"
exposedbydefault = false

Here is my docker-compose.yml code

version: '3'

services:
  traefik:
    image: traefik:1.7.18-alpine
    restart: unless-stopped
    command: --docker
    environment:
      - DO_AUTH_TOKEN=${DO_AUTH_TOKEN}
    labels:
      - "traefik.backend=traefik"
      - "traefik.docker.network=proxy"
      - "traefik.enable=true"
      - "traefik.port=${UI_PORT}"
      - "traefik.frontend.redirect.regex=^https?://www.${CURRENT_URL}/(.*)"
      - "traefik.frontend.redirect.replacement=https://${CURRENT_URL}/$${1}"
      - "traefik.frontend.rule=Host:${DOCKER_URL_HOST}"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.browserXSSFilter=true"
      - "traefik.frontend.headers.contentTypeNosniff=true"      
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.frontend.headers.SSLForceHost=true"      
      - "traefik.frontend.headers.STSSeconds=315360000"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.headers.frameDeny=true"
      - "traefik.frontend.auth.basic.users=${HTTP_USERNAME}:${HTTP_PASSWORD}"    
      - "traefik.frontend.headers.contentSecurityPolicy=${CONTENT_SECURITY_POLICY}"
    networks:
      - proxy
      - internal
    ports:
      - ${HTTP_PORT}:${HTTP_PORT}
      - ${HTTPS_PORT}:${HTTPS_PORT}
      - ${UI_PORT}:${UI_PORT}
    volumes:
      - $PWD/traefik.toml:/traefik.toml
      - $PWD/acme/acme.json:/acme/acme.json
      - /var/run/docker.sock:/var/run/docker.sock
      
networks:
  proxy:
    external: true
  internal:
    external: false
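
The two [[acme.domains]] entries above request names for "example.com" and "*.example.com". The following script is an added example (not part of the original post or of Traefik) that checks, offline, which hostnames such a name list covers under the single-label wildcard rule browsers apply, reports the ones it does not, and derives the additional `main` entries that would be needed. The name list and hostnames are constructed to mirror the question; the helper names are my own.

```python
"""Check which hostnames a certificate's names (CN/SANs) actually cover.

Added example, not part of the original post. CERT_NAMES is constructed
to mirror the two [[acme.domains]] entries in the question's traefik.toml;
nothing here touches the network.
"""
from __future__ import annotations

# Constructed: the names Traefik would request with the question's config.
CERT_NAMES = ["example.com", "*.example.com"]


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: a wildcard stands for exactly one leftmost
    label, so '*.example.com' covers 'ex.example.com' but neither
    'www.ex.example.com' nor the bare 'example.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    pat_labels = pattern.split(".")
    host_labels = hostname.split(".")
    # Same label count, non-empty first label, identical parent domain.
    return (
        len(pat_labels) == len(host_labels)
        and host_labels[0] not in ("", "*")
        and pat_labels[1:] == host_labels[1:]
    )


def covered(names: list[str], hostname: str) -> bool:
    """True if any name on the certificate matches the hostname."""
    return any(name_matches(n, hostname) for n in names)


def uncovered_hosts(names: list[str], hosts: list[str]) -> list[str]:
    """Hostnames that would fail certificate validation with these names."""
    return [h for h in hosts if not covered(names, h)]


def valid_acme_name(name: str) -> bool:
    """A wildcard is only accepted as the whole leftmost label, once;
    '*.*.example.com' or 'www.*.example.com' cannot be issued."""
    labels = name.split(".")
    if any("*" in lbl and lbl != "*" for lbl in labels):
        return False
    return all(lbl != "*" for lbl in labels[1:])


def required_names(hosts: list[str]) -> list[str]:
    """Smallest set of single-label wildcard names covering every host,
    ordered by depth: example.com, *.example.com, *.ex.example.com, ..."""
    names = set()
    for h in hosts:
        labels = h.lower().rstrip(".").split(".")
        names.add(h if len(labels) <= 2 else "*." + ".".join(labels[1:]))
    return sorted(names, key=lambda n: (n.count("."), n))


def render_acme_domains(names: list[str]) -> str:
    """Emit [[acme.domains]] blocks in the same shape as the question's toml."""
    return "\n".join(f'[[acme.domains]]\n   main = "{n}"' for n in names)


if __name__ == "__main__":
    wanted = ["example.com", "ex.example.com", "www.ex.example.com"]
    print("not covered:", uncovered_hosts(CERT_NAMES, wanted))
    print(render_acme_domains(required_names(wanted)))
```

Running it lists www.ex.example.com as uncovered and prints a third entry, `main = "*.ex.example.com"`, alongside the two already in the config; each entry carries one wildcard label, which is the form Let's Encrypt will issue, whereas a single `*.*.example.com` name is rejected by `valid_acme_name` for the reason given in the reply below.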

You cannot do *.*.domain.tld certs; Let's Encrypt does not support that.


Thanks for the reply. I just realized the invalid SSL certificate was from an older certificate I made.