Okay. That was quick. Always seems to be the way, after I take the time to spell out an issue I've spent ages trying to resolve... suddenly I figure out the problem.
Will post this here in case it is of use to other folk facing the same issue.
In the site's nginx conf file was a listen entry to redirect non-www to www version of URL. It was missing the ssl directive.
# Redirect non-www to www
server {
listen 443;
listen [::]:443;
server_name ssl-fastcgi-cache.com;
return 301 https://www.DOMAIN.com.au$request_uri;
}
Changed to:
# Redirect non-www to www
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ssl-fastcgi-cache.com;
return 301 https://www.DOMAIN.com.au$request_uri;
}
I realise the http2 is not really necessary.
So far the issue has not reoccured.
What got me on the right track was this...
The discussion from SSL_do_handshake() failed: