Following this topic, as I'm encountering the same problem with my sites too. I can't recall when this started for me, but from Oct sounds about right.
I also use NPM. Using Let's Encrypt, with or without a DNS Challenge and/or a scheme of http or https, has the same outcome of a "Deceptive site ahead".
Could it be something to do with Let's Encrypt? Or perhaps DuckDNS?
I am not sure how to create the Custom Certificate, so perhaps that's an avenue to explore?
Cheers,
gwl