NextCloud sends old SSL Certificate

Hello there, so i made a self signed certificate, then later on found out that it has wrong info and made a new one, but for some reason even though i deleted the wrong certificate the server still sends it to the browser and the browser keeps rejecting it.

How can i properly make nextcloud send the correct certificate. I update the default-ssl.conf file to read the mydomain.com.crt and mydomain.com.key files (the .key file is not the root/private .key file). then checked the apache2 configtest syntax is ok, then reloaded apache2 with no errors but still that didn’t help either.

Any help or recommendations are much appreciated!

Sounds like you already did everything usually necessary.
One additional thing you can at least try, is performing a full reload (CTRL + F5) or even temporary deactivating the cache in the browser in the developer console under “Network” and then hit the check box “Disable cache”.
If disabling the cache works, you can delete the cache at all in the browser’s settings.

I did try that but i don’t think the issue is with the browser because i tried it will different browsers and still no luck.

I think the issue is with the nextcloud server itself, why does it keep sending the wrong certificate which is DELETED in the first place. like i find that extremely weird and frustrating lol.

But the server can’t send what isn’t there, right? :wink: I thought there might be caching issues then on the receiving end then.

Well, some other things I can think of:

  • the certificate still exists on the server and only a link was deleted
  • the wrong config was edited
  • there is a proxy server who is configured with the same old certificate and that is actually providing the cert to the browsers

those are actually good points:

im using WinSCP to search for all .crt files that i have on the server but only the ones that i created and built in ones are showing up so u don’t know if that would be the cause.

there should be one config files (if im not wrong) that tells apache2 which sites are enabled and which ports to listen to.

i don’t know about the last point maybe that could be the cause, is there a way to “update” the proxy server with the new certificate somehow?

Thank you so far for the help and advice though! <3

Nextcloud has nothing to do with the certificate. The web server uses it.

Did you try restarting Apache instead of reloading?

Yes, i tried both. i tried disabling and enabling the conf file, enabling headers, env, dir, mime, rewrite then reload and restart, yet still nothing.

You can directly query the certificate with OpenSSL to determine whether the web server is presenting the new or old one.

openssl s_client -connect server:port | openssl x509 -text