For the issue of HSTS in browser, you can refer the solution in detail at:- https://certera.com/blog/how-to-disable-hsts-in-chrome-firefox/. Hope it helps!

Yes, your server can be at risk if the previous domain owner still has access to a valid certificate and its private key. Even if you've issued a new certificate, an attacker could exploit the old one until it expires—especially if clients don’t properly check for revocation. While certificate revocation (via CRL or OCSP) helps, not all browsers enforce it consistently. Enabling OCSP Must-Stapling adds another layer of protection by requiring the server to present a valid revocation check during TLS handshake.

For more on resolving certificate revocation issues, including the NET::ERR_CERT_REVOKED error, you can refer to this detailed article:
https://certera.com/kb/how-to-resolve-the-neterr_cert_revoked-error/

For OCSP Stapling process, understand in detail at:-
https://cheapsslweb.com/blog/what-is-ocsp-and-ocsp-stapling/

I think, you can check it out at:- https://certera.com/kb/what-is-a-ca-bundle-in-ssl-and-how-do-you-create-it/.

I hope it helps!

You can check here:

https://certera.com/ssl-types/wildcard-ssl-certificates
https://cheapsslweb.com/ssl-types/cheap-wildcard-ssl-certificates