You are right!
I was thinking that the default configuration was override by single virtualhost configuration…
Now putting in the default config
SSLProtocol all -SSLv2 -SSLv3
I take A on SSL LABS! Good!
My next step, is now to follow the directives at this site, probably you already know:
A brief consideration: even certbot can modify the default configuration of any server, but a simple alert about disabling poor ssl protocols and cipher IMHO must be a good idea… Or not?
Thanks a lot for all!