We came across this challenge today as well. Since we had two alias, both supported by our certificates, we chose one of them, but we forgot that the alias we chose was not automatically updated in the IdentityServer database, which is created when installing orchestrator.
As I remember, you will want to check your IdentityServer database – Clientredirecturi Table (1) and check if that the URL you are trying to access is one of the values in the table.
In addition, you will have to check the Json file (settings) of orchestrator (2) and Webconfig (3) file all have the correct Orchestrator URL mentioned.
So there are three potential locations where there might be incorrect information.