It doesn't seem like a screenshot provides very meaningful proof of anything here. After all, the screenshot doesn't prove that your site is properly configured (since anyone could just send in a screenshot of the configuration of someone else's site!).
If the problem is just the SHA-1 self-signed DST root certificate, this is a misinterpretation of the PCI rules, as discussed in these two previous threads:
(As @cpu explained in the earlier thread, "Root certificates are exempt from the SHA1 sunsetting because, in effect, their signatures are not used in the process of making a trust decision [...]".)
If you have some other SHA-1 certificate in your chain, that's probably a misconfiguration of your server, which we can't diagnose without knowing your domain name.