Need help?

Our experts have had an average response time of 13.14 minutes in February 2024 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

How to easily fix Apache serving old SSL certificate?

by | Jan 14, 2019

Expired SSL certificates make websites insecure. And, it can even result in a website attack.

Therefore, replacing website SSL with a valid one is really critical. But, in certain cases, websites throw up errors and still show the old SSL certificate even after renewal.

At Bobcares, we often see customers reporting problems with website showing old certificate as part of our Server Support Services for web hosts.

Today, we’ll see the top causes for Apache serving old SSL certificate and how our Support Engineers fix them.

Problems with old SSL certificate

It is really frustrating to see websites failing even after website SSL renewal. Here, the data transfer from Apache web server will not be secure. This further risks the website for an attack. Also, it will affect your online sales as users tend to abandon shopping carts.

Moreover, websites will throw up security errors in the browser.

 

What causes Apache to serve old SSL certificates?

From our experience in managing Apache servers, our Support Engineers often see websites showing old SSL certificates. We’ll now see the typical reasons that can cause Apache to serve old SSL certificates.

 

1. Browser cache

Browsers often cache website SSL certs. We often see this as a common reason for showing up the old certificates. When the new certificate is not updated in the browser, visitors will see the old expired certificate.

With expired SSL, certain browsers even stop further communication with the Apache web server.

 

2. Reference to wrong certificate files

Again, SSL problems can appear when there is a reference to the old expired SSL certificates.  Here, the SSL files will be included in the Apache configuration files which points to old SSL certificates. As a result, the website can show old certificates in certain browsers.

 

3. Reverse proxy setup

Similarly, we frequently see SSL certificate errors in Apache servers  where Nginx is set up as a reverse proxy. Here, this proxy server speedup the website by forwarding website requests to Apache. And, if the SSL certificate is not set correctly in the Nginx configuration, website will show up SSL errors too.

 

4. IP address assignment

In certain Apache servers, even the IP address assignment of websites can create SSL problems. This happens mainly when multiple domains are associated with a single dedicated IP address. When the website is not assigned to IP address with valid SSL certificate, it can show errors or old expired certificate. Our Support Engineers often see such errors in mis-configured DirectAdmin servers.

Also, when the website DNS point to the wrong IP address, it can result in certificate errors too.

 

How we fix website SSL?

Till now, we saw the various reasons that would cause Apache to serve old SSL certificates. Let’s now see how our Support Engineers diagnose and fix the website showing old SSL certificate.

As the first step, we check the secure website link from our side. This helps to isolate problems with customer’s browser cache. A simple browser restart can fix the problem of showing old SSL certificate.

Further, we confirm that the website resolves to the correct server and IP address. When there are no DNS issues, we check and confirm the service that listens on web server port. This helps to understand if there is Nginx or any other reverse proxy setup in the server.

Then, we further check the SSL cerificate files in the Apache server. Our Support Engineers run the following openssl command on the server to verify the cert presented to the client from Apache:

openssl s_client -connect domain.com:443

If that’s not the right one, we finalize that the Apache config is at fault. Here, we look for all the references of SSL files in Apache installation folder using the command:

grep -i -r "SSLCertificateChainFile" /etc/apache2/

This helps us to correct any reference to the wrong SSL certificate.

Recently, a customer reported problems with SSL certificate in DirectAdmin server after website IP address change.

Here, we checked and found problems with the IP assignment of the website. Then, we fixed the issue by changing the IP address binding to the new one in Apache configuration file.

[Is your website still showing old SSL certificate even after renewal? We can fix it for you.]

 

Conclusion

In short, Apache serving old SSL certificate can happen due to browser cache, wrong reference to SSL files, bad reverse proxy configuration and so on. Today, we’ve seen the top reasons for the error and how our Support Engineers make the website use the correct SSL certificate.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Categories

Tags

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF