How to install Let's Encrypt on NGINX?

Started by webwrappedup, Mar 16, 2023, 06:44 AM


webwrappedup (Topic starter)

Certificates for the domains sitename.com and *.sitename.com have been created on the website. I have received three files: ca_bundle.crt, certificate.crt, and private.key.

I have placed these files in the /etc/ssl/certs/sitename.com/ folder on the VDS server.

In the NGINX .conf file, I have added the following configurations:

http {
        ...
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); current configs list TLSv1.2 TLSv1.3 only
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Refusing SSLv3, see POODLE vulnerability
        ssl_prefer_server_ciphers on;
        ...

        server {
        ...
            ssl_certificate     /etc/ssl/certs/sitename.com/certificate.crt;
            ssl_certificate_key /etc/ssl/certs/sitename.com/private.key;
            ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers         HIGH:!aNULL:!MD5;
        ...
        }
}

I have made the necessary redirects, and everything seems to be working fine. The site can be accessed successfully via https://, and a green lock is visible in the browser. However, there are some issues with Google Webmaster, and when coming from Facebook a warning message appears saying that the certificate is not installed correctly.

Can you please advise on what I might have missed? Where should I place the ca_bundle.crt file? Could there be a mistake in the certificate installation process?

casandra

Attention, please take a look at this.
1. Certificates provided:

server {

        ########################################################################
        ## server configuration
        ########################################################################
        listen *:443 ssl http2;
        server_name 3dpaneli.ru www.3dpaneli.ru;
        root /var/www/3dpaneli.ru/web;

        ########################################################################
        ## SSL configuration
        ########################################################################
        # It is a recommended but not mandatory directive.
        # Leave it commented out unless you understand its purpose.
        #more_set_headers 'Strict-Transport-Security: max-age=15768000';
        # "ssl on;" is obsolete since nginx 1.15.0 (removed in 1.25.1); the "ssl"
        # parameter of the listen directive above replaces it.
        #ssl on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 1h;
        ssl_protocols TLSv1.2 TLSv1.1;
        add_header Strict-Transport-Security "max-age=15768000" always;
        # ssl_stapling_verify needs the issuer chain: either the intermediates in the
        # .crt file below (full chain) or a separate ssl_trusted_certificate file.
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_prefer_server_ciphers on;
        ssl_ciphers DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK;
        ssl_certificate /var/www/clients/client19/web26/ssl/3dpaneli.ru-le.crt;
        ssl_certificate_key /var/www/clients/client19/web26/ssl/3dpaneli.ru-le.key;
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        ########################################################################

        ......
}
The ssl_dhparam /etc/nginx/ssl/dhparam.pem; line is not required, but it is needed to raise the certificate grade.
After that, in the browser, click on the certificate to ensure that everything is correct, and check if the domain is displayed as green.
You can open the debugger and look at the developer console for any mixed content issues. If there are any, make sure to fix them.

Cviki

It seems that you have not completed the installation of the certificate properly.
The ca_bundle file includes both the root and intermediate certificates, which, when combined with your domain's certificate, form the complete chain of certificates.
You need to merge your certificate with the bundle and specify the resulting file as the certificate.
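As an added worked example (not code from anyone in this thread), the merge Cviki describes, done with the Python standard library only: certificate.crt goes first, ca_bundle.crt is appended, and a small DER walker reads issuer and subject out of each certificate so the order of the resulting file can be checked before nginx is reloaded. The file names come from the first post; the embedded certificates are constructed skeletons with made-up CA names, no keys and no signatures, so they exercise only the ordering check and are not valid for TLS.

```python
"""Added example for this thread (not the posters' code): merge certificate.crt
with ca_bundle.crt into the single chain file nginx expects and check the order
before reloading. Standard library only; a small DER walker reads issuer and
subject from each certificate so the order can be verified offline."""
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def pem_to_ders(pem_text):
    """DER bytes of every certificate block in a PEM file, in file order."""
    return [base64.b64decode(re.sub(r"\s+", "", b)) for b in PEM_RE.findall(pem_text)]


def _tlv(buf, pos):
    """Decode one DER tag-length-value at pos -> (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Split the content of a SEQUENCE into (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _tlv(value, pos)
        out.append((tag, val))
    return out


def issuer_subject(der):
    """Raw DER Name encodings (issuer, subject) of one X.509 certificate."""
    tbs = _children(_children(_tlv(der, 0)[1])[0][1])   # tbsCertificate fields
    if tbs[0][0] == 0xA0:                   # skip optional [0] EXPLICIT version
        tbs = tbs[1:]
    return tbs[2][1], tbs[4][1]             # serial, sigAlg, ISSUER, validity, SUBJECT


def build_fullchain(cert_pem, bundle_pem):
    """Server certificate first, then the bundle: the order nginx requires."""
    return cert_pem.rstrip("\n") + "\n" + bundle_pem.rstrip("\n") + "\n"


def chain_problems(fullchain_pem):
    """Return a list of ordering problems; an empty list means the chain is usable."""
    ders = pem_to_ders(fullchain_pem)
    problems = []
    if len(ders) < 2:
        problems.append("only one certificate: the intermediates are missing")
    for i in range(len(ders) - 1):
        if issuer_subject(ders[i])[0] != issuer_subject(ders[i + 1])[1]:
            problems.append(f"certificate {i} was not issued by certificate {i + 1}")
    return problems


# --- constructed sample input: certificate skeletons with no keys or signatures

def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content


def _name(cn):
    """Name ::= SEQUENCE OF SET OF AttributeTypeAndValue, here just commonName."""
    atv = _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))
    return _der(0x30, _der(0x31, atv))


def fake_cert_pem(subject_cn, issuer_cn):
    """Structurally valid X.509 skeleton; enough for the ordering check only."""
    tbs = _der(0x30, b"".join([
        _der(0xA0, _der(0x02, b"\x02")),                                   # version v3
        _der(0x02, b"\x01"),                                               # serialNumber
        _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b")),  # sha256WithRSA
        _name(issuer_cn),
        _der(0x30, _der(0x17, b"230316000000Z") + _der(0x17, b"240316000000Z")),
        _name(subject_cn),
        _der(0x30, b""),                                                   # SPKI placeholder
    ]))
    der = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")


# Stand-ins for two of the three files from the first post (CA names are made up).
CERTIFICATE_CRT = fake_cert_pem("sitename.com", "Example Intermediate CA")
CA_BUNDLE_CRT = (fake_cert_pem("Example Intermediate CA", "Example Root CA")
                 + fake_cert_pem("Example Root CA", "Example Root CA"))

if __name__ == "__main__":
    chain = build_fullchain(CERTIFICATE_CRT, CA_BUNDLE_CRT)
    print(chain_problems(chain) or "chain order OK: save this as fullchain.crt")
    # Bundle first (the common mistake) fails the check:
    print(chain_problems(build_fullchain(CA_BUNDLE_CRT, CERTIFICATE_CRT)))
```

Once the merged file passes, point ssl_certificate at it and leave ssl_certificate_key on private.key; if ssl_stapling_verify is on, nginx also needs the issuer chain, either from that same merged file or from ssl_trusted_certificate. The result can be confirmed from outside with openssl s_client -connect sitename.com:443 -servername sitename.com -showcerts, which prints every certificate the server actually sends.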

Asokanvon

Is port 80 open on the server? Additionally, in Webmaster, if I recall correctly, you need to explicitly specify https:// for the website. It is possible that the warning is caused by a cached version of the website without a certificate. You can try opening it in incognito mode.

I recommend visiting https://ssl-config.mozilla.org/ and paying attention to the ssl_trusted_certificate parameter. It might provide some helpful insights.