Skip to main content

SSL certificate doesn't update

PatrickVeenstra

A long, long time ago, I installed a new SSL certificate on my failover server. Just today I had a look at it, but the certificate didn't update. That is, the expired one was still being "sent" to the browser. I've removed the expired one, but it's still being sent to the browser. These are Sectigo Limited wildcard certificates.

To do this test, I'm using a local DNS proxy (poiting the domain to the failover server).

What am I missing? Why is a certificate that doesn't exist being sent to the browser. I've used a private window, as well as another browser, to test.

Comments

5 comments

Date Votes
  • cPRex Jurassic Moderator

    Hey there!  Just to confirm, the SSL is showing a modern version in WHM >> Manage SSL Hosts but you are getting the incorrect SSL in the browser?

    You can run a different test by using curl on the command line, as that will show the SSL connection data:

    curl -vvI https://yourdomain.com

    I would expect that to pull directly from the server and show the correct information.

    If that isn't working there's really only two options:

    -you aren't connecting to the correct machine
    or
    -Apache needs to be forcefully restarted

    You could try that curl test again after running /scripts/restartsrv_httpd tio see if that changes things.

    1
  • PatrickVeenstra

    Thank you. Where's the certificate information in the CURL output?

    0
  • Muhammad Tanveer

    Sometimes the server keeps serving the old certificate from memory even after it's removed from disk. Make sure to fully restart the web server, not just reload the config. For NGINX, systemctl restart nginx is usually required — a reload won’t clear the in-memory cert.

    Check if there's another virtual host, default SSL block, or a catch-all config that’s still pointing to the old certificate path. Run:

    bash
    CopyEdit
    openssl s_client -connect yourdomain.com:443 -servername yourdomain.com

    That’ll show what cert the server is actually presenting, without browser caching involved. Also clear any local DNS or OS-level caches if you’re testing via a proxy.

    1
  • PatrickVeenstra

    Solved. Thanks.

    0
  • cPRex Jurassic Moderator

    PatrickVeenstra - can you share what the solution ended up being?

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post