Many thaks tialaramex 
I’m using certbot to get the servers’ certificates. This gives me 4 files every 3 months:
- cert.pem
- chain.pem
- fullchain.pem
- privkey.pem
Following your very pedagogic explanations, in my Apache configuration, I replaced ‘cert.pem’ by ‘fullchain.pem’, and now, everything works fine ! I get 100% of my park of machines sending reports to OCS server 
Cheers