The diagnostics from ssllabs return full A. There are two problems with it.
1. From the diagnostics page, the signature algorithm uses SHA1withRSA, marked in red as insecure. Despite this, the certificate grading is 100% positive. Is the grading broken?
2. If you enable "security.ssl.require_safe_negotiation" on Firefox, you are presented with a loud "Secure Communication Fauiled" due to SSL_ERROR_UNSAFE_NEGOTIATION. The diagnostics from ssllabs do not detect the problem on apple's site.