You’re using tls internal which means Caddy self-manages a CA and issues certs from that. Caddy’s internal CA won’t be trusted by browsers.
If you’re using a public domain, your server is publicly accessible, and you want to use a cert from Let’s Encrypt, just remove tls internal and restart Caddy.