TLS Certificate Request Error

Hi, I just switched my workflow to use Github Actions to deploy my website: wumbo.net, however when renaming the Github pages branch the settings > pages page shows that the TLS certificate is stuck showing an error.

It looks like the old certificate is still valid when using HTTPS, but I really would like to enforce HTTPS only traffic. Is there anything that I can do other than waiting?

Edit: Since my DNS was working right before changing my workflow and HTTPS was enforced, I am assuming that DNS is still configured correctly.

I used the pages health check tool today to see if I could get any more information on the TLS Certificate Error. Here is the output:

{:host=>"wumbo.net",
 :uri=>"http://wumbo.net/",
 :nameservers=>:default,
 :dns_resolves?=>true,
 :proxied?=>false,
 :cloudflare_ip?=>false,
 :fastly_ip?=>false,
 :old_ip_address?=>false,
 :a_record?=>true,
 :cname_record?=>false,
 :mx_records_present?=>true,
 :valid_domain?=>true,
 :apex_domain?=>true,
 :should_be_a_record?=>true,
 :cname_to_github_user_domain?=>false,
 :cname_to_pages_dot_github_dot_com?=>false,
 :cname_to_fastly?=>false,
 :pointed_to_github_pages_ip?=>true,
 :non_github_pages_ip_present?=>false,
 :pages_domain?=>false,
 :served_by_pages?=>true,
 :valid?=>true,
 :reason=>nil,
 :https?=>true,
 :enforces_https?=>false,
 :https_error=>nil,
 :https_eligible?=>true,
 :caa_error=>nil,
 :dns_zone_soa?=>true,
 :dns_zone_ns?=>true}

Currently, in my DNS (Google Domains) configuration I am forwarding the subdomain www traffic to the apex domain. See attached screenshot. The docs say that it is recommended to create a CNAME record for for the www subdomain, but not required – so I am assuming :cname_record?=>false, isn’t the source of the error.

Update for those in a similar situation. Adding a www CNAME record fixed the error following the advice from this post. My DNS custom resource records section now looks like this:

You can trigger the TLS certificate process by temporarily removing your custom domain and adding it again. A couple minutes later I was able to check the “Enforce HTTPS” check box again.