I generate my own certificate with Let's Encrypt and recently I added a new subdomain to this certificate. I can check on https://crt.sh that the new certificate contains this subdomain, but my browsers (I tried Firefox, Chrome and Edge Chromium) still see the old version of the same certificate (which has not expired).

I tried to force the removal of the certificate (e.g. in Firefox, I applied the solution provided here: https://www.a2hosting.com/kb/getting-started-guide/internet-and-networking/clearing-a-web-browsers-ssl-state#Mozilla-Firefox) but it still shows the old certificate. How can I switch to the new one?

Olivier
  • Certificates are not cached by the browsers but are sent by the server on each full TLS handshake. It is likely that the server is not properly set up with the new certificate. For example, the server might have multiple IP addresses (IPv4 and IPv6) and/or there might be multiple instances of the server, and only some got set up with the new certificate while others did not. – Steffen Ullrich Dec 31 '20 at 17:51
  • Thanks Steffen. Actually, my server is a simple Raspberry Pi, so there are not several servers. I checked the certificate path but can't find any issue with that. I'll check it again... I don't really get your point on IPv4 and IPv6: on my Apache, I have only one vhost for that subdomain, and my domain on the domain provider is pointing to the IPv4 address... Is there something to take care of here? – Olivier Jan 01 '21 at 18:29
  • I checked again and you were right, my vhost was not pointing to the right certificate, although this was the first thing I checked, obviously. – Olivier Jan 01 '21 at 18:54

0 Answers
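An added example, not part of the original question or comments: a Python check of the situation Steffen Ullrich's comment describes, handshaking with every IPv4 and IPv6 address the name resolves to and reporting which ones still serve a certificate without the new subdomain. The hostname `new.example.org` is a placeholder and the function names are chosen for this example.

```python
import socket
import ssl
import sys


def san_dns_names(cert):
    """DNS names from the subjectAltName of an ssl getpeercert() dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def covers(cert, hostname):
    """True if a SAN entry matches hostname (exact, or wildcard left-most label)."""
    host = hostname.lower().rstrip(".")
    for name in san_dns_names(cert):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def served_certs(hostname, port=443, timeout=5):
    """Handshake with every resolved address; yield (address, cert dict)."""
    ctx = ssl.create_default_context()
    # The chain is still verified; only name matching is off, so a certificate
    # that lacks the new subdomain can be inspected instead of rejected.
    ctx.check_hostname = False
    infos = socket.getaddrinfo(hostname, port, type=socket.SOCK_STREAM)
    for family, socktype, proto, _, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as raw:
                raw.settimeout(timeout)
                raw.connect(sockaddr)
                with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                    yield sockaddr[0], tls.getpeercert()
        except OSError as exc:  # unreachable address family, TLS failure, ...
            print(f"{sockaddr[0]}: {exc}", file=sys.stderr)


def stale_endpoints(results, hostname):
    """Addresses whose certificate does not list hostname in its SAN."""
    return [addr for addr, cert in results if not covers(cert, hostname)]


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "new.example.org"  # placeholder
    results = list(served_certs(name))
    for addr, cert in results:
        print(addr, cert.get("serialNumber"), cert.get("notAfter"), san_dns_names(cert))
    print("stale:", stale_endpoints(results, name) or "none")
```

The printed serial number can be compared with the entry shown on crt.sh; an address listed as stale is served by a vhost or listener that still points to the old certificate file.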