Our server certificates were about to expire and we had already received our renewed certificate. It was a simple task.
Go to httpd.conf.
Go to the virtual host section and just replace the following with the paths to the new certificate.
SSLCertificateFile /xxx/cert/www_domain_com.crt
SSLCertificateKeyFile /xxx/cert/privateKey.key
SSLCertificateChainFile /xxx/cert/cert_bundle.crt
But then came the shock. After loading the URL in the browser, we checked the certificate information and saw that the old certificate was still being served.
We started debugging to see what went wrong. We googled as well, and loads of possible issues came up:
1. There could be something else sitting in front of your Apache, say Plesk or nginx. BTW, nginx is similar to Apache but more lightweight and fast. It is sometimes used as a performance enhancer, serving content itself and sending the rest to Apache or any other back end. In that case you might have missed installing the certificates on that front end.
2. The actual conf file may be a different one. This can be the cause if the conf file was last touched long ago. Please double-check that you are editing the correct .conf file.
3. A proper restart of Apache is needed. Apache does cache SSL certificates, but a proper restart flushes that out.
4. Worst, the browser may be caching the certificates. Please check the SSL settings in the browser to make sure that the cache is cleared. Modern-day browsers are smarter, though.
Unfortunately, none of these seemed to be true in our case. Ultimately, after 3-4 hours of struggle, we thought that it could be a virtual host issue. We had a number of virtual hosts lying around. A wild guess: what if one was overwriting the other's certificates?
Weird guess though... we decided to change the first and the last one. That would mean that the first or the last, whichever is the final overlap, would have the latest certificate. But that did not work either.
Finally we decided to give it one last shot and applied the above changes to all the virtual hosts, even the unused ones.
And Voila…!!! It worked..!!
Strangely, Apache seems to retain the old certificate if even one virtual host points to the old one, even if it's an unused one. Right now I am digging into this to see why it's so. Will post back if I get some info.
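An added example, not part of the original post: a small Python audit that lists every <VirtualHost> block in a config and flags any whose SSLCertificateFile is not the renewed certificate, which is the condition the fix above came down to. The sample config, the /xxx/old/ path and the function names are constructed for illustration; files pulled in with Include are not followed.

```python
import re

# Constructed sample config (not from the post); "/xxx/old/" is a placeholder path.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName www.domain.com
    SSLCertificateFile /xxx/cert/www_domain_com.crt
    SSLCertificateKeyFile /xxx/cert/privateKey.key
</VirtualHost>
# SSLCertificateFile /xxx/old/commented_out.crt
<VirtualHost *:443>
    ServerName unused.domain.com
    SSLCertificateFile "/xxx/old/www_domain_com.crt"
</VirtualHost>
<VirtualHost *:80>
    ServerName www.domain.com
</VirtualHost>
"""

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</VirtualHost>", re.I)
DIRECTIVE = re.compile(r"(ServerName|SSLCertificateFile)\s+(\S+)", re.I)

def audit_vhosts(conf_text, expected_cert):
    """Return one dict per <VirtualHost> block: address, name, cert, stale flag."""
    results, current = [], None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        opened, directive = OPEN.match(line), DIRECTIVE.match(line)
        if opened:
            current = {"line": lineno, "addr": opened.group(1).strip(),
                       "server_name": None, "cert": None}
        elif CLOSE.match(line) and current is not None:
            current["stale"] = current["cert"] not in (None, expected_cert)
            results.append(current)
            current = None
        elif directive and current is not None:
            key = "cert" if directive.group(1).lower().startswith("ssl") else "server_name"
            current[key] = directive.group(2).strip('"')
    return results

def stale_vhosts(conf_text, expected_cert):
    return [v for v in audit_vhosts(conf_text, expected_cert) if v["stale"]]

if __name__ == "__main__":
    for v in stale_vhosts(SAMPLE_CONF, "/xxx/cert/www_domain_com.crt"):
        print(f"line {v['line']}: {v['server_name']} ({v['addr']}) -> {v['cert']}")
```

Run it against the real httpd.conf text (and each included vhost file) with the renewed certificate path as the second argument; an empty result means no vhost in that file still references another certificate.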
Hope it helps,