Linux – Apache cached old ssl certificate

Tags: apache-2.2, cache, linux, ssl, ubuntu

About 2 weeks ago I bought a new wildcard SSL certificate for all of my servers, and immediately tried to set it up on a server by replacing the old self-signed certificate settings. So, I put in the new details, restarted Apache, and refreshed my browser, and it's still complaining about having a self-signed SSL certificate. So I investigated further, and confirmed it's not my browser or local cache by testing it from a remote Windows server, but it is still serving the old self-signed certificate (but the chain file has updated successfully). I even tried rebooting the server to attempt to clear Apache's SSL cache or whatever is going on, but no luck there either.
And for some crazy reason, it works fine on port 444; if I edit that site and change it to port 443, it goes back to the old certificate… 🙁 What's going on?
It's not just port 443 that doesn't work, by the way. I've tested ports 92XX (as that's what my services run on) and it gets the same errors, even after creating a new site on a new port.
I also tried copying one of the sites to another (new, never had SSL before) server and it works fine there :/
How do I clear Apache's "SSL cache" or whatever is going on here (running Ubuntu 12.10 Server)?

Configuration of one of the sites:

<IfModule mod_ssl.c>
<VirtualHost *:9207>
        DocumentRoot /var/www/ssl/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/ssl/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/ssl_access.log combined
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
        ProxyPass /tr http://localhost:9107/tr
        ProxyPassReverse /tr http://localhost:9107/tr
        SSLEngine on
        SSLCertificateFile    /etc/ssl/crt/STAR_mysite_net.crt
        SSLCertificateKeyFile /etc/ssl/crt/server.key
        SSLCertificateChainFile /etc/ssl/crt/STAR_mysite_net.ca-bundle
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>

Best Answer

Run this function as root on your Linux server:

apachectl graceful

Works for me on Debian. If that is not working, you can try the parameter -k:

apachectl -k graceful

Error message in Dutch Chrome: Fout met SSL-verbinding

Error message in English Chrome: Error with SSL connection
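
To confirm which certificate a port is really serving after a reload, compare its fingerprint with the file named in `SSLCertificateFile`. The following is an added example, not part of the original question or answer; the helper names and the sample config and certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

def pem_fingerprint(pem_text):
    """SHA-256 hex digest of the DER bytes of the first certificate in pem_text."""
    m = re.search(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----",
                  pem_text, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(m.group(0))).hexdigest()

def vhost_certs(conf_text):
    """Return [(VirtualHost address, SSLCertificateFile path)] from Apache config text."""
    found, addr = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()  # commented-out directives start with '#' and never match
        if (m := re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)):
            addr = m.group(1).strip()
        elif re.match(r"</VirtualHost>", line, re.I):
            addr = None
        elif addr and (m := re.match(r"SSLCertificateFile\s+(\S+)", line, re.I)):
            found.append((addr, m.group(1).strip('"')))
    return found

def served_matches_disk(host, port, cert_path):
    """True if the leaf certificate served on host:port equals the one in cert_path."""
    served = ssl.get_server_certificate((host, port))  # fetched without verification
    with open(cert_path) as fh:
        return pem_fingerprint(served) == pem_fingerprint(fh.read())

def make_pem(der):
    """Wrap constructed bytes in PEM armour (sample data, not a real certificate)."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed sample config mirroring the directives shown in the question.
SAMPLE_CONF = """
<VirtualHost *:9207>
    SSLEngine on
    SSLCertificateFile    /etc/ssl/crt/STAR_mysite_net.crt
    SSLCertificateKeyFile /etc/ssl/crt/server.key
</VirtualHost>
"""

if __name__ == "__main__":
    for addr, path in vhost_certs(SAMPLE_CONF):
        print(addr, path)
```

On the server itself, feed each enabled site file to `vhost_certs` and call `served_matches_disk("localhost", port, path)` for every pair; a `False` result means the listener on that port is presenting a different certificate than the file that site names.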