Postgresql SSL certificate issues

I have a gitlab ce omnibus installation running on Centos 7 - this has been running happily for a year or so (and in its previous incarnation on Centos 6 for several years before that).

We have an internal SSL CA that provides the certificiates for the installation. This used to be enabled by using the older mechanism of putting the root certificate into /etc/pki/ca-trust/source/anchors, but now uses the method described in https://docs.gitlab.com/omnibus/settings/ssl.html and adds our CA certificate into /etc/gitlab/trusted-certs/customcacert.pem

However postgres is now failing to start:-

2018-06-11_11:18:49.45811 FATAL:  could not load root certificate file "/opt/gitlab/embedded/ssl/certs/cacert.pem": no start line
2018-06-11_11:18:49.45813 LOG:  database system is shut down

In /opt/gitlab/embedded/ssl/certs/cacert.pem are all the root certificates, including our own, each preceded by a -----BEGIN TRUSTED CERTIFICATE----- line. [Oddly - our certificate, as supplied to the system originally started with a -----BEGIN CERTIFICATE----- line.

If I edit that file and remove the word TRUSTED from the certificate starts, then postgresql starts fine and it all works.

Any ideas as to what the heck is happening here - this only started on very recent versions within the last month or so.

Nigel.