Issue was caused by stupidity
Sectigo AddTrust External CA Root certificate expired on May 30, 2020. They sort of assumed that only 'modern' browsers visited web sites and forgot about everything else that may use SSL.
Sectigo was established as a seperate operating company from Commodo in 2017 at which time they added an ADD TRUST certificate to their certificate chain at this time with a 3 year expiry.
It doesn't appear to have been communicated that it would be best to reissue your certificates before the 30th May to ensure full compatibility nor (more obviously) ensure the root expired after customers certificates. Ours still had 3 or 4 months left.
It just meant reissuing and reinstalling SSL certificates. Obviously there was quite a lot of head scratching, getting certs and bouncing services to fix everything.
Surprised it took the reg so long to notice.