Problem summary:
- one nginx server
- one domain with SSL certificate
- when accessing the site from one network, nginx returns the correct current certificate (1), and when accessing from other networks, some other one (2), which expired a couple of years ago
- The old certificate (2) is missing from the server, and it's not in any nginx configuration
I even tried grep, like "grep -r 'row_from_bad_cert' /". For comparison, the actual current certificate (1) is found successfully the same way, but the old one (2) is not.
The server is configured 100% correctly. The possibility that there are other nginx configurations for this domain in which certificate (2) is used is completely excluded.
At the same time, there are requests in the nginx access log in which the server issued a certificate (2).
In addition to the browser, I used utilities such as
- openssl s_client -connect domain:443 -prexit -debug
- nmap -p 443 --script ssl-cert domain
From one network, these commands return information about the current certificate (1), from another network - about the old one (2).
nmap showed the correct server IP both times, but different certificates.
The site absolutely does not use technologies such as clusters, round-robin DNS, etc. The server is the only one. DNS points to it by a single A record.
I restarted the server and nginx a couple of times, of course. The certificate was replaced a long time ago (the old certificate (2) was for 2021-2022).
I've set up dozens of servers, but this is the first time I've come across this situation. I have already broken my head and exhausted all guesses.
Please help me. Maybe there are some other commands that can be used to debug a certificate request, to make sure that it is requested from exactly the right server, and to see which certificate nginx gives when requested (I mean from the server side).
Sorry, but I can't share the actual domain for security reasons.
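
One way to run the comparison asked for above, as an added example that is not part of the original post: fingerprint the certificate file nginx is configured with, fingerprint what is served at a pinned IP, and compare the two from the server itself and from each client network. The function names, HOST, IP and CERT_FILE are placeholders, and sending the host name as SNI via -servername is an assumption about how clients reach the site.

```shell
#!/bin/sh
# Added example: compare the certificate a TLS endpoint serves with the file on disk.
# HOST, IP and CERT_FILE are placeholders (assumptions), not values from the post.

# SHA-256 fingerprint of the first certificate in a PEM file.
cert_fp_file() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate served at IP:PORT for SNI name HOST.
# Connecting by IP takes DNS out of the picture; -servername sends the SNI name.
# Prints nothing if the connection fails or no certificate is returned.
cert_fp_remote() {
    host=$1 ip=$2 port=${3:-443}
    openssl s_client -connect "$ip:$port" -servername "$host" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Print MATCH or MISMATCH; return non-zero on mismatch or when a value is empty.
compare_fp() {
    if [ -n "$1" ] && [ "$1" = "$2" ]; then
        echo "MATCH $1"
    else
        echo "MISMATCH disk=${1:-none} served=${2:-none}"
        return 1
    fi
}

# Usage: check_cert HOST IP CERT_FILE [PORT]
# Run it on the server (IP 127.0.0.1 or the public address) and on each client network.
check_cert() {
    compare_fp "$(cert_fp_file "$3")" "$(cert_fp_remote "$1" "$2" "${4:-443}")"
}
```

A MATCH on the server together with a MISMATCH from one client network means the differing certificate is presented by something on the path between that network and the server, not by the nginx configuration.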