Unknown behavior on Firmaprofesional SSL certificates validation
Reported by clo...@firmaprofesional.com, Sep 13
Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36

Steps to reproduce the problem:
1. Enter https://www.firmaprofesional.com, which uses an EV certificate issued by AC Firmaprofesional
2. The URL shows neither a green bar nor the Organization's name

What is the expected behavior?
To show the green bar and the Organization's name

What went wrong?
There are the following SubCA for Autoridad de Certificacion Firmaprofesional CIF A62634068 (crt.sh ID 24651) in the CRLSet:
* AC Firmaprofesional - INFRAESTRUCTURA (crt.sh ID 2209962)
* SEU Autoridad de Certificacion (crt.sh ID 34351)

The thing is that, in the URL http://crl.firmaprofesional.com/infraestructura.crt we published the SHA1 INFRAESTRUCTURA SubCA Certificate (crt.sh ID 2209962) and now the SHA2 INFRAESTRUCTURA SubCA Certificate (crt.sh ID 10601239) is published there. These two certificates share Subject and keypair, but not serial number, of course. Even more, the SHA1 has been revoked.

Our guess is that the fact of having the SHA1 INFRAESTRUCTURA SubCA Certificate in the CRLSet is, somehow (we do not know HOW), provoking that Chrome does not reveal the green bar for EV certificates from Firmaprofesional, and also a "tags don't match" error in crt.sh (https://crt.sh/ocsp-responders?trustedExclude=&trustedBy=&trustedFor=&dir=v&sort=2&url=%25firmaprofesional%25&get=&post=&randomserial=)

Did this work before? Yes Don't know

Chrome version: 69.0.3497.92
Channel: stable
OS Version: ubuntu 18.04.1
Flash Version:
,
Sep 14
,
Sep 14
The certificate chain is fine, and would verify correctly as EV. The problem is the Certificate Transparency check. There is only one SCT provided for the certificate, however Chrome requires at least 2: https://chromium.googlesource.com/chromium/src/+/726e68d05c3db9d60cbfe889fa2541456a81a6a9/components/certificate_transparency/chrome_ct_policy_enforcer.cc#217
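The SCT count that the comment above refers to can be checked directly from the certificate's embedded SCT list. The following is an added example, not code from Chromium or from this thread: it parses the TLS-encoded SignedCertificateTimestampList defined in RFC 6962 (the bytes inside the extension's OCTET STRING wrappers) and applies only the "at least 2" minimum quoted above. The function names, the distinct-log counting and the sample bytes are assumptions of this sketch.

```python
import struct

MIN_SCTS = 2  # minimum quoted in the comment above; Chrome's full policy has further conditions

def parse_sct_list(data: bytes) -> list:
    """Parse an RFC 6962 SignedCertificateTimestampList in its TLS encoding."""
    if len(data) < 2 or struct.unpack_from(">H", data)[0] != len(data) - 2:
        raise ValueError("bad SCT list length")
    scts, pos = [], 2
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated SCT length")
        (sct_len,) = struct.unpack_from(">H", data, pos)
        sct = data[pos + 2:pos + 2 + sct_len]
        if len(sct) != sct_len or sct_len < 47:  # 47 bytes = smallest possible v1 SCT
            raise ValueError("truncated SCT")
        version, log_id = sct[0], sct[1:33]
        timestamp_ms, ext_len = struct.unpack_from(">QH", sct, 33)
        sig_off = 43 + ext_len
        if sig_off + 4 > sct_len:
            raise ValueError("extensions overrun SCT")
        hash_alg, sig_alg, sig_len = struct.unpack_from(">BBH", sct, sig_off)
        if sig_off + 4 + sig_len != sct_len:
            raise ValueError("signature length mismatch")
        scts.append({"version": version, "log_id": log_id.hex(),
                     "timestamp_ms": timestamp_ms,
                     "hash_alg": hash_alg, "sig_alg": sig_alg})
        pos += 2 + sct_len
    return scts

def meets_minimum(data: bytes, minimum: int = MIN_SCTS) -> bool:
    """True if the list holds SCTs from at least `minimum` distinct logs
    (counting distinct log IDs is an assumption of this example)."""
    return len({s["log_id"] for s in parse_sct_list(data)}) >= minimum

def make_sct(log_byte: int, timestamp_ms: int) -> bytes:
    """Build a constructed v1 SCT with a dummy 8-byte signature (sample data only)."""
    body = bytes([0]) + bytes([log_byte]) * 32 + struct.pack(">QH", timestamp_ms, 0)
    body += struct.pack(">BBH", 4, 3, 8) + b"\x00" * 8  # sha256 / ecdsa identifiers
    return struct.pack(">H", len(body)) + body

def make_list(*scts: bytes) -> bytes:
    """Wrap constructed SCTs in the outer 2-byte length prefix."""
    payload = b"".join(scts)
    return struct.pack(">H", len(payload)) + payload

if __name__ == "__main__":
    one = make_list(make_sct(0xA1, 1536796800000))
    two = make_list(make_sct(0xA1, 1536796800000), make_sct(0xB2, 1536796800000))
    print(meets_minimum(one), meets_minimum(two))
```

The parser does not verify SCT signatures or check which logs issued them; it only answers the counting question raised in this issue.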
,
Sep 14
Thanks for triaging, Eric. Marking WontFix/WorkingAsIntended
Comment 1 by rsesek@chromium.org, Sep 13
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam OS-Chrome OS-Mac OS-Windows Type-Bug