Thanks for thinking with me!
gnutls-cli -p 443 mydomain.com results in:
Resolving 'Resolving ‘mydomain.com’…
Connecting to ‘xxx.xxx.xxx.xx:443’…
*** Fatal error: A TLS fatal alert has been received.
*** Received alert : Handshake failed
*** Handshake has failed
GnuTLS error: A TLS fatal alert has been received.
I am using a StartSSL certificate, SSLLab.com gives me almost full score.
The issue that bites me is https://confluence.atlassian.com/pages/viewpage.action?pageId=419005548 If I rebuild git using libcurl4-openssl-dev instead of libcurl4-gnutls-dev I can clone through https.
I am provisioning a VM with Ansible and instead of building git from source I thought it would be easier if I could persuade Gitlab CI to clone over ssh.