Safari reports it can't establish a secure connection to the server

The certificates used by the three websites that were not loading all are issued by Comodo (as shown in Chrome). These certificates were missing from my Keychain Access app, and so it was necessary to locate the certificates and install. Comodo offers downloads of its certificates (https://support.comodo.com/index.php?/comodo/Knowledgebase/List/Index/106/downloads) but using the search function I could not find the ones needed. The Mozilla organization maintains its own certificate store (https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/), which is used by Firefox, and since Firefox was loading the websites correctly I went to the list of Mozilla certificates (https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReport) and downloaded the ones needed. The download window gives the option of opening the certificate with Keychain Access - clicking that option installs the certificate. However, Keychain Access initially reported two of the downloaded certificates as not being trusted - there is a dropdown menu that allows marking the certificates as trusted. Now all three websites load correctly on Safari.

A few points/questions that came up in the course of resolving the problem:

• The Comodo search results included expired versions of the certificates I needed, with an expiration date of May 30, 2020, the date my issue arose. So if these certificates were being used by Safari prior to their expiration, why did a Keychain Access search not show the expired certificates - does the app automatically delete expired certificates? The new certificates would not have shown up in Keychain Access because the OS on my machine is no longer supported by Apple.
• On my machine, User 1's Keychain Access app (Version 9.0) does not show a keychain for System Roots, while the same version of the app in User 2's account does. User 1 can only find System Roots by using the search function. Does Keychain Access has a preference that can make the System Roots keychain visible?
• The Mozilla certificates, which work on Firefox and were copied to Keychain Access, were initially reported as not being trusted.

Thanks to ejschoen1 who suggested working with Keychain Access and expired certificates as the way to proceed in resolving the issue.

Malwarebytes reports no threats. No VPN running. A second admin user receives the message that the connection to the website is not secure and is then given the option to view the website after entering the user's password. Afterwards the second user can access the site with no intervention. First user still receives same "...can't establish secure connection..." message. Safe Mode does not correct the problem. Link to EtreCheck report: https://pastebin.com/gBuxmVR8

Some additional information - maybe related or just a random anomaly. This morning Safari reported being unable to establish a secure connection to another site I visit frequently for both user 1 and user 2. For user 1, Chrome opens the site but reports the connection as not being secure. Firefox and Opera show a secure connection. For user 2, the opposite - Chrome reports a secure connection while Firefox and Opera open the site but show it as being unsecured.

Thanks. I've actually shut down and restarted the computer a few times since the problem arose and that has not solved it. One of the certificates involved was renewed in February and the site was loading fine from then until two days ago. And I did try clearing the cache in the Develop menu.

Thanks again. Looking at a few of the websites, none has a certificate, root, intermediate or server, with a start or end date that is near May 30, when this began. All are currently valid. (My version of Safari seems to show the same certificate detail as Chrome.) None shows up in Keychain Access as expired.