11

I use Let's Encrypt certificates on the server. The certificates are automatically renewed and the server config is updated.

Problem: When I open the web page in Chrome, it shows that the certificate is valid, but the Certificate dialogue still shows the old certificate info (see Valid from dates).

When I open the page in incognito mode, the browser shows the correct/new certificate.

Another odd thing:

  • after refreshing the page with CTRL+F5, Chrome shows the correct info
  • but when I now close the tab and open a new tab, the old info will be shown again!?

Questions:

  1. Is this maybe a bug in Chrome? i.e. maybe it caches the certificate info for too long
  2. Or is there something my web-page/server can do to update this info?
TmTron
  • https://serverfault.com/questions/279984/how-do-i-clear-chromes-ssl-cache perhaps – Adam Feor May 13 '19 at 08:51
  • @AdamFeor I think that link handles a different issue, because there the (still valid) certificate is replaced with another one: in this case Chrome does not know that it should use a newer one and I understand that the cached cert is still in use. But in my case the previous cert had a valid expiry date - and so Chrome is able to notice that this cert has expired, and should invalidate the cache and check for a newer cert, right? – TmTron May 13 '19 at 09:12

2 Answers

8

tl;dr

It turned out that the issue is related to the web-page being a PWA and that we had initially used a www-only cert.

Details:

  • when setting up the server we first created a www-only-certificate for e.g. www.myapp.com
  • but we forgot to include the naked-domain in the cert, so some hours later we created a new cert for myapp.com and www.myapp.com
  • the browsers that had already loaded the app had the issue described in the question

Result:
Actually, we just ignored the issue, because only a few clients were affected and even for those, Chrome does not show an error and the connection is still encrypted.

For more details, see this Let's Encrypt forum post.

TmTron
  • I'm having the same symptoms. `Alternatively, it might just be that the nature of a PWA just reliably triggers the generic behavior for cached browser responses - if you do not need to revalidate an HTTP resource, avoid opening any SSL connection and show the cached information` does indeed make sense... – Pieterjan Aug 17 '20 at 13:51
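
To separate what the server is serving from what Chrome's certificate dialogue displays, the certificate can be read straight off a fresh TLS connection and checked for its validity dates and for both host names. This is an added example, not part of the original answers; the helper names and the two sample certificate dicts are constructed (host names follow the answer's myapp.com example, dates are made up).

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Constructed sample data in the dict format returned by ssl.SSLSocket.getpeercert().
# Host names follow the answer's myapp.com example; the dates are made up.
OLD_CERT = {"subjectAltName": (("DNS", "www.myapp.com"),),
            "notBefore": "May 12 06:00:00 2019 GMT", "notAfter": "Aug 10 06:00:00 2019 GMT"}
NEW_CERT = {"subjectAltName": (("DNS", "myapp.com"), ("DNS", "www.myapp.com")),
            "notBefore": "May 12 14:00:00 2019 GMT", "notAfter": "Aug 10 14:00:00 2019 GMT"}

def fetch_peer_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate the server presents right now."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def covers(cert, hostname):
    """True if a DNS SAN matches hostname exactly or via one left-most wildcard label."""
    hostname = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == hostname:
            return True
        if name.startswith("*.") and hostname.partition(".")[2] == name[2:]:
            return True
    return False

def _utc(cert_time):
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def audit(cert, hostnames, now=None):
    """Summarise the validity window and which expected host names the cert lacks."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    return {"not_before": not_before, "not_after": not_after,
            "in_validity_window": not_before <= now <= not_after,
            "missing_names": [h for h in hostnames if not covers(cert, h)]}

if __name__ == "__main__":
    # Usage: python check_cert.py myapp.com www.myapp.com
    for host in sys.argv[1:]:
        report = audit(fetch_peer_cert(host), sys.argv[1:])
        print(host, report["not_before"].isoformat(), report["not_after"].isoformat(),
              "missing:", report["missing_names"] or "none")
```

If the served certificate does not cover the name being connected to, `fetch_peer_cert` raises `ssl.SSLCertVerificationError` before `audit` runs, which already shows that the server side is at fault rather than the browser cache.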
0

Clear the browser cache on Windows 10 machines to fix this issue:

https://kinsta.com/knowledgebase/how-to-clear-browser-cache/

CTRL + SHIFT + DEL. Chrome will open up a new tab with a popup window titled Clear Browsing Data. Make sure that only the Cached images and files box is checked. Otherwise, you might accidentally clear your browsing history, saved passwords, cookies, and more.

mechDeveloper