SSL Misconfiguration - Periodically receiving invalid certificates
Closed, Resolved | Public

Description

Currently it appears that visiting store.kde.org can from time to time lead to the user being served with the wrong certificate.
I just received the certificate for 'addons.videolan.org' for instance when using the scanner at ssllabs.com.

It also seems that whatever setup is being used to run store.kde.org interferes with the use of the ssllabs.com scanner.
You may want to investigate this and correct those issues.

Hi Ben,

Is this still an issue?

We're now fronting the Store with Cloudflare so even if the issue is present it will be masked by Cloudflare from a user's perspective.

Side note: We've seen the above issue with KDE infrastructure, and it's particularly prevalent with Apache + LetsEncrypt and is caused by only soft-reloading Apache. I'd recommend you hard restart Apache once per week as a cronjob to ensure that no old/stale certificates are being served by the system.

Thanks, I'll mark this as resolved then and make note of doing a full restart of Apache after a cert renewal.

justinzobel closed this task as Resolved. Jun 17 2021, 10:21 AM
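
An added example, not part of the original thread or of KDE's tooling: a check for the stale-certificate condition discussed above, comparing the certificate file on disk with what the server actually presents over several connections. The command-line arguments, the `SAMPLES` count and all function names are assumptions made for illustration.

```python
import hashlib
import socket
import ssl
import sys

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
SAMPLES = 10  # assumed sample count; the thread reports the mismatch only "from time to time"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def leaf_fingerprint(pem_text: str) -> str:
    """Fingerprint of the first certificate in a PEM file (the leaf in a full chain)."""
    start = pem_text.index(BEGIN)
    stop = pem_text.index(END, start) + len(END)
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem_text[start:stop]))


def fetch_served_der(host: str, addr: str = "", port: int = 443) -> bytes:
    """Certificate presented for SNI name `host` by the server at `addr` (default: host)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # validation is off on purpose: a wrong or
    ctx.verify_mode = ssl.CERT_NONE   # expired certificate must still be retrievable
    with socket.create_connection((addr or host, port), timeout=5.0) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def stale_samples(disk_pem: str, served_ders: list[bytes]) -> list[str]:
    """Fingerprints of served certificates that differ from the one on disk."""
    expected = leaf_fingerprint(disk_pem)
    return [fp for fp in map(fingerprint, served_ders) if fp != expected]


if __name__ == "__main__":
    # Usage (hypothetical script name): check_cert.py HOST CERT_PEM [CONNECT_ADDR]
    host, pem_path = sys.argv[1], sys.argv[2]
    addr = sys.argv[3] if len(sys.argv) > 3 else ""
    with open(pem_path, encoding="ascii") as fh:
        disk_pem = fh.read()
    bad = stale_samples(disk_pem, [fetch_served_der(host, addr) for _ in range(SAMPLES)])
    for fp in bad:
        print(f"{host}: served certificate {fp} does not match {pem_path}")
    sys.exit(1 if bad else 0)  # non-zero exit lets a cron wrapper alert or restart
```

When a CDN sits in front of the site, pass the origin server's address as `CONNECT_ADDR`, since the public name will return the CDN's certificate rather than the one Apache is serving.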