Thank you,
Yes, that is correct, certs are from different sites. And no redirection rules.
Looking more carefully into this:
In the first case both sites are hosted on Amazon AWS.
In the second, both on Akamai.
It is possible that my NxFilter DNS cache for them got stale and the returned IPs changed in the meantime.
My settings are:
Response cache size: 100000
Current Size : In-memory = 39,774 / Persistent = 40,724 / Negative = 0
Use Persistent Cache: yes
Use Negative Cache: no
Minimal Responses: no
Minimum Cache TTL: 0
Block Cache TTL: 0
Do you see any obvious errors with the settings?