You have a reverse proxy with a Godaddy certificate.
Read the attached document from Godaddy explaining the crossover certificate, and the chaining required for it to work across various certificate equipped devices
When checking the certificate offered and the certificate path presented using a test utility like https://www.ssllabs.com/ssltest/ you are not seeing the proper Sha1 to Sha2 crossover, which will impact Sha1 equipped clients trying to browse across the reverse proxy
By default the ProxySG appliance is configured for the CCL (CA Certificate List) of All Root CAs
Even if you import the Godaddy Crossover cert (Hash signature Hash 34 0B 28 80 F4 46 FC C0 4E 59 ED 33 F5 2B 3D 08 D6 24 29 64), the ssl scan will reflect the original certificate chain.
You need to create a custom CCL list that uses the below certificates only, and assign that CCL list to the reverse proxy service: