SSL certificate still appears as expired

Claudiu Creanga

9/27/23, 4:08 PM

My ssl certificate has expired and I generated a new one with the same private key. After I uploaded my new certificate on the server, chrome and other browsers still view the old one. Deleted cache and everything, tried in an incognito window, restarted the express js server. Could it be because I used the same private key?

0 + 0

ssl

anx

9/27/23, 4:17 PM

You might find tools like the [Dutch Internet Standards Platform](https://internet.nl/test-site/) or [Qualys SSl Labs](https://www.ssllabs.com/ssltest/) useful. Without [further details and the URL](https://serverfault.com/posts/1101933/edit) in question, we can only speculate as to which step went wrong (probably just a missing/failed restart).

Claudiu Creanga

9/27/23, 4:22 PM

@anx Thanks. unfortunately it's an internal site not accessible publicly.

Score:4

Server

Steffen Ullrich

9/27/23, 4:28 PM

Deleted cache and everything, tried in an incognito window, restarted the express js server.

Browsers don't cache the server certificate. They might reuse an existing TLS session and not get the new certificate though. But this is only done if the handshake for this connection succeeded, i.e. certificate was valid or the invalid certificate was explicitly accepted. If the browser still complains about the certificate as expired after reloading the page, then the server is still providing the old expired certificate.

Could it be because I used the same private key?

No, it does not matter that the same private key is used.

Make sure that you a) really replaced the old certificate with the new one and b) replaced it on the correct server, i.e. the one which is actually terminating the TLS connection from the client. Depending on your configuration this might be the express js server itself or some reverse proxy or WAF in front of it.

0 + 0

vidarlo

9/27/23, 6:32 PM

And c) restarted the service. Most services caches certs until restarted, so merely changing file on disk will not make the new cert active.

Claudiu Creanga

9/30/23, 7:36 AM

indeed the issue was resolved by restarting the nginx server. It wasn't enough to restart the express js server. Thanks.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: SSL certificate still appears as expired

TH: ใบรับรอง SSL ยังคงปรากฏเป็นหมดอายุ

RO: Certificatul SSL încă apare ca expirat

RU: SSL-сертификат по-прежнему отображается как просроченный

VI: Chứng chỉ SSL vẫn xuất hiện khi hết hạn

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.