The message about HSTS could be because of CT logs, but any other problem with the certificate (such as missing SubjectAltName, bad dates, untrusted issuer, etc.) could all give that message.
The idea is that if the server was previously configured for Host Strict Transport Security, the browser should not give an option to “ignore certificate problems and open the site anyway”, thr browser should just about the connection.
In that scenario I’m not even sure if this is an option, but try hitting F12 to bring up Developer Options in Chrome, amd see if the Security tab gives a better error message.
I agree that the certificate options should be easier…we use a mix of OpenSSL and Java keystores, but that complexity could be better abstracted in the tools. Unfortunately when using a web interface to configure these, if it goes wrong you get locked oht of the interface you’d need to fix it.