If so, what happens if you restart the web server? Does it like the new cert? If it likes the cert, you could then try creating a signing request instead with 2048bits.
The example request is missing a HTTP/1.1 from the request line, so its an old style (HTTP/0.9 compatible) HTTP/1.0 request. So it unlikely to be a request from a browser.
It could be a manual telnet request e.g. telnet localhost 80, or someone using wget/curl in HTTP/1.0 mode, or a http client library.
As @mgorven mentioned, its a server error, hence it is either being returned locally from the default virtual server (because thats where the HTTP/1.0 requests end up) or from the remote proxied server.
Best Answer
One simple way is to look at the error log. When the server is restarted, its precise version is displayed in the first log lines.