Posts

apache2 randomly uses old self signed certificate

On a site with a valid SSL certificate, sometimes a page load would result in a warning about being insecure. When inspecting the certificate, it turned out to be an old self signed certificate that shouldn’t be in use any more since the site now has a valid “real” SSL certificate.

Reloading the page a couple of times after the problem occured, and the site loaded again with a green SSL “lock” symbol. But randomly the problem kept occuring.

Even after deleting the old self signed certificate files from the server and restarting apache2, the problem remaind.

It turned out that neither systemctl restart apache2, service apache2 restart or apachectl stop / start killed all running processes.

To verify this I did apachectl stop and then ps ax | grep apache2 revealing there where still running processes. After killing each of them manually I started apache2 again and the problem was resolved.