I see your new certificate OK on my end. My questions for the person experiencing it would be:
1. Which browser/operating system? (Mobile?)
2. Does Control-F5 fix the problem? (Mobile: Reload, or delete cache.)
3. Is this user using an SSL proxy server? (They probably won't know what this is.)
4. What does the certificate in the error say? (Maybe someone really is trying to spoof the site for this user.)
Though the new certificate should be picked up regardless of all that.
I know you switched versions recently (from the one with the gray headers to the one with the blue headers). Is there any chance the version with the gray headers is still out there somewhere, with the old certificate, accessible by whatever this person is doing?