I did not have any issues today but I recommend you to enable "Log SSL anomalies" in the SSL/SSH Inspection Profile so you will be able to analyze the log and understand why that profile is blocking access to the website. Perhaps for some reason is marking the certificate as Expired certificates / Revoked certificates / Validation timed-out certificates / Validation failed certificates and your profile is configured as Block.
Your first screenshots indicate to me that for some reason your traffic has hit a policy that has SSL Deep Inspection turned on. Only then the original certificate will be replaced by a certificate created by the FGT using the CA in the SSL DPI Profile. That is because DPI is a man-in-the-middle. The FGT needs to decrypt the traffic to be able to have the filters check it and then has to re-encrypt it to hand it on to the client that requested it. Since it cannot use the original cert for that (because it doesn't have the private key) it uses the CA in the profile to spawn a new cert using the original dn/subject/san and use that to re-encrypt.
There is no need to create new cert. Either remove the DPI if it is not needed/wanted or download the CA from your FGT and install it to your client(s) as trusted CA.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.