Ah - interesting! I think while some clients, like the browser(s) you’re testing with, may be fine with the TLS configuration, it looks like you maybe are missing your intermediate certs so there’s a chaining issue?
I see SSL Labs reports it is “Incomplete”:
Additional Certificates (if supplied)
Certificates provided 1 (1357 bytes)
Chain issues Incomplete
And openssl
reports “unable to get local issuer certificate”:
openssl s_client -connect uat-msfecare.msf.org:443
CONNECTED(00000003)
depth=0 CN = uat-msfecare.msf.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = uat-msfecare.msf.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Can you check you have all the correct certificates and the most recent chaining certificates?