OK - UPDATE - AND A WORKING FIX FOR THOSE THAT NEED IT
Finally found a fix - bearing in mind that in this case each account has separate IP address, this was ssl-conf as generated by CWP panel before fix:
<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
NameVirtualHost x.x.x.111:443
NameVirtualHost x.x.x.110:443
NameVirtualHost x.x.x.112:443
adding this line to end manually fixed the problem (SNI related I think)
NameVirtualHost *:443
also in vhosts-ssl.conf for each entry relating to ssl enabled addon domain or subdomain change ip address from x.x.x.x:443 to *:443
correct cert then loading for domains, this works for add-on and subdomains
dont forget to restart apache
Hope this solves the issue for anyone else who experiences hours of grief trying to figure it out !