SSL Certificate – OpenSSL Returns Expired Certificate While Browser Shows Correct One

lets-encrypt, rhel7, ssl, ssl-certificate

I am using Let's Encrypt via Certbot on RHEL to get SSL for my server. Recently I had to renew my certificate, which I did. Everything went fine with certbot renewal dry-run, and I updated my certificate. Now if I open the site, it shows the new certificate expires in three months, but when I use this command to check the certificate expiry:

echo | openssl s_client -connect mysite.com:443 2>/dev/null | openssl x509 -noout -dates

it shows the certificate is already expired (the old one). I'm not sure what I am missing. Why can the browser find the correct certificate while openssl cannot?

Thanks

Best Answer

The browser probably uses SNI, while openssl, as you wrote it, doesn't. Try this:

echo | openssl s_client -connect mysite.com:443 -servername mysite.com 2>/dev/null | openssl x509 -noout -dates
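
An added example, not part of the original answer: a POSIX shell check that fetches the certificate once with SNI and once without, then compares fingerprints, so a stale default virtual host shows up as a mismatch. The function names, the script name and the sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: does the server hand out the same certificate with and
# without SNI? Function names and sample data are illustrative.

# Print notAfter and SHA-256 fingerprint of the leaf certificate.
# $3 = "sni" sends $1 as the server name; anything else suppresses SNI.
fetch_cert() {
    host=$1; port=$2; mode=$3
    set -- -connect "$host:$port"
    if [ "$mode" = sni ]; then
        set -- "$@" -servername "$host"
    elif openssl s_client -help 2>&1 | grep -q -e -noservername; then
        # OpenSSL 1.1.1+ sends SNI by default; older builds lack this flag
        # and send no SNI unless -servername is given.
        set -- "$@" -noservername
    fi
    openssl s_client "$@" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate -fingerprint -sha256
}

# Compare two fetch_cert outputs ($1 = with SNI, $2 = without SNI).
compare_certs() {
    fp_sni=$(printf '%s\n' "$1" | sed -n 's/^[A-Za-z0-9]* Fingerprint=//p')
    fp_def=$(printf '%s\n' "$2" | sed -n 's/^[A-Za-z0-9]* Fingerprint=//p')
    if [ -z "$fp_sni" ] || [ -z "$fp_def" ]; then
        echo "error: no certificate parsed"
    elif [ "$fp_sni" = "$fp_def" ]; then
        echo "match"
    else
        end_sni=$(printf '%s\n' "$1" | sed -n 's/^notAfter=//p')
        end_def=$(printf '%s\n' "$2" | sed -n 's/^notAfter=//p')
        echo "mismatch: sni expires $end_sni; default expires $end_def"
    fi
}

# Constructed sample outputs (not from a real server).
SAMPLE_NEW='notAfter=Jun 11 10:00:00 2030 GMT
SHA256 Fingerprint=AA:AA:AA:AA'
SAMPLE_OLD='notAfter=Mar 11 10:00:00 2020 GMT
SHA256 Fingerprint=BB:BB:BB:BB'

# Usage: sh check_sni.sh mysite.com [port]
if [ $# -ge 1 ]; then
    h=$1; p=${2:-443}
    compare_certs "$(fetch_cert "$h" "$p" sni)" "$(fetch_cert "$h" "$p" nosni)"
fi
```

A mismatch means the server's default virtual host still points at a different certificate file than the named host, which is what clients that send no SNI will receive.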