You can use this command to view the certificates that your web server is serving:
openssl s_client -connect your_domain.com:443
All the certificates (including Intermediates) should be displayed.
If you are receiving an error that the private key doesn't match the certificate or that a certificate that you installed to a site is not trusted, try one of the following commands ...
Check the MD5 hash of the public key to ensure that it matches with what is in a CSR or private key:
openssl x509 -noout -modulus -in certificate.crt | openssl md5 openssl rsa -noout -modulus -in privateKey.key | openssl md5 openssl req -noout -modulus -in CSR.csr | openssl md5
You also could check your site using SSL Checker and if a problem exists, it can be fixed it by adding the required certificates.
The hostname in the certificate must match the site that you are requesting. For example, if you request a page from your_domain.com, but your certificate is only for www. your_domain.com, the certificate check would fail.