How long does it take to see a renewed SSL certificate?

apache-http-server ssl-certificate amazon-web-services load-balancer
10,907

Found the answer to my own problem. I'll post it here in case my stupidity helps someone else. :-)

I actually have two AWS web servers, with a load balancer in front of them. I discovered that the new certificate actually displayed fine in the browser if I hit each web server directly, but failed if I went to "www" through the load balancer.

I forgot to upload the new certificate files to the load balancer through AWS's Management Console. This page describes the process:

Updating an SSL Certificate for a Load Balancer

Note that the private and public key files you copy and paste there have to be in RSA format. This web page describes how to convert your files to that format if needed:

AWS Load Balancer SSL limitations

After all that, the browser immediately displays the new certificate. No delay, no caching. Thanks for the comments above anyway.

Share:
10,907

Related videos on Youtube

Russell G
Author by

Russell G

Updated on September 18, 2022

Comments

  • Russell G
    Russell G almost 2 years

    I just renewed the SSL certificate for a domain and installed the new files on my AWS server running Apache. All appears to be ok, but the browser still shows the old expiration date. Is there a way I can somehow "uncache" the certificate, or otherwise get a browser to display the new expiration date so I can tell if it's all working? I've tried restarting both Apache and the browser. Thanks!

    • Admin
      Admin over 11 years
      You sure this isn't simply a cache issue on your end?
    • Admin
      Admin over 11 years
      Nope, not sure. :-) Just don't know where to uncache it. I tried clearing the cache in the browser but it didn't help. Wondering if it's more of a system thing. I'm on Win7 64-bit, btw.
    • Admin
      Admin over 11 years
      You have to restart Apache. Certificate appears imediatelly after that or something is wrong. Or you have a proxy server. serverfault.com/questions/323817/…
    • Admin
      Admin over 11 years
      @week: Thanks for the link. I restarted Apache already actually, but it didn't help. But that link showed me how to use openssl to view the certificate being issued by Apache, and I verified that it is indeed the new cert, and that the expiration date is the new one. There's no proxy being used in this case though, so I'm still at a loss. Just so I understand, you're saying that after restarting Apache, all I should have to do is hit the web site again and then use the browser to view the new certificate?
  • Karan Kaw
    Karan Kaw over 3 years
    Same issues happened with me too. Usually SSL Certificate comes with domain name(alias) of Webserver(Load Balancer), so it makes more sense to upload SSL certificate to Load Balancer which acts sometimes as a SSL Load Balancer while it redirects to constituent App Servers for delivering content.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Getting "SSL_connect returned=1 errno=0 state=error: certificate verify failed" when connecting to S3
Multiple htpasswd user entries
Apache failed to start (no errors) after first time SSL config. Do I need different command/passcode?
Generating self-signed SSL certificate for apache on Windows Vista
Apache certificate chain is not being sent
Full end to end encryption with AWS Elastic Load Balancer, Nginx and SSL
Can AWS Certificate Manager (ACM) Certificates be used on Elastic Load Balancer Instances in Regions other than us-east-1?
Can I use the new free SSL/TLS AWS certificates without ELB or Beanstalk on plain EC2?
Install AWS SSL Certificate to EC2 instance without load balancer
Can't upload certificate to AWS