Just as an update - it appears that there was a vhost config that went
unnoticed - this from the guy who found it:
"We noticed with SSLLabs that there was 2 SSL certificates getting pulled when
testing against the xxx.xxx.xxx.domain
Looking against the config being included in the Apache when s
Is the CA cert signed with SHA-1? If so, you can try to check if the CA has
a cross-signed CA cert with SHA2 you can use for the customer's current
certificate chain or just tell your customer to reissue the cert with a
full SHA2 chain.
Best Regards
/P
--
--
On Thu, 12 Oct 2023 at 04:27, Craig H