This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 49%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
I need some advice here. Recently, I've just renewed web site public cert on tuesday. The old cert is expiring on wed morning 10am.
The renewal of the SSL cert includes the following steps:
Some background: Our website is front by a content serviec provider >> Web application firewall >> Proxy >> Web Site Server.
On wednesday at 3.30pm, we received feedback from users that they are not able to access our website.
We noticed that our proxy is pointing to the old public certificate which has already been deleted from the web server.
We tried to restart the IIS and application pool again. However, the issue wasn't resolved. The issue was only resolved after we have triggered a server reboot for the server hosting the website.
As part of the follow-up, we noticed that not everyone is facing issue access the website. Our logs captured other users able to successfully access our website.
Wonder if someone can enlightening me on the follow:
Qns 1: Why will the users encountered issue accessing the portal at 3.30pm instead of 10am (expiration of the cert) with the root cause stated certificate verification Failed: certificate has expired?
Qns 2: Why it only happened to a subset of the users but not all? I've read somewhere stating that there is a caching of SSL cert at the web browsers side, could it be the cause of it?
Qns 3: If the cause is due to the caching of SSL cert at the web browsers, how would the rebooting of the server hosting the website address the caching issue at the client browser's level?
Qns 4: Is it mandate or common practise to reboot the servers after public cert renewal?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 82%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBZ%3C/text%3E%3C/svg%3E)
Hi @J L ,
Qns 4: Is it mandate or common practise to reboot the servers after public cert renewal?
Restarting the http service through the command line can also solve this problem. But sometimes it has no effect, so restarting the server is a better choice.