SSL – What happens when an SSL certificate is cancelled

ssl, ssl-certificate

We are currently using a standard SSL certificate for a domain, say example.com, hosted on 300 servers. When someone requests https://example.com, one of the servers serves the request.

Now, we want to upgrade our SSL certificate from Standard to one that protects multiple subdomains. Our registrar, GoDaddy, informed us that we will need to cancel the current certificate and a new one will be issued instead.

Now, once the new one is issued to us, it will take approximately 10 days for us to replace the older one on the 300 servers. In those 10 days, if our users request https://example.com and a server that still has the old certificate serves the request, what will be shown in the user's browser?

Will the user see an invalid certificate error?

NOTE: Just to put all the backlash to rest, the reason it takes 10 days to update over 300 servers is that my servers are deployed in private buses, trains and aircraft, and they serve requests via an offline hotspot. They may serve several requests without connecting to the internet for days. Hence, as per our last update rate, it will take approx. 10 days for me to update all of them.

Best Answer

Putting aside the fact you have 300 servers (!!!) and you seem to say the process is not automated, so it will take 10 days (!!!) to complete, the scenario that GoDaddy has described seems off. NOTE: Comment irrelevant now that a clearer context is placed on the 300-servers-in-10-days issue; the logistics of moving/sporadically-connected servers make sense.


Yes, if you wish to create a new certificate, the old SSL certificate should be revoked (aka cancelled). But in my experience SSL certificates don't have to be revoked immediately because a new SSL certificate has been issued. You might want to double-check with GoDaddy about this.

Also, SSL certificates, registrars and hosting services are 3 different things. Sometimes a registrar will insist they are the only ones who can issue an SSL certificate for a domain that is registered with them. But you can pretty much get an SSL certificate from anyone who offers one and then use that with your current servers without issue.

If GoDaddy is really being a pain about this, I would recommend just getting an SSL certificate from another source.

That way you can phase in the new SSL certificate across the 300 servers while keeping the old SSL certificate in place. And then, when you are done with the transition, officially revoke the old certificate so you're done with it.
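The phased rollout the answer recommends only works if you can tell, at any moment, which of the 300 servers are still presenting the old certificate. The script below is an added example (not code from the question, the answer or GoDaddy): it pulls the leaf certificate each server actually serves, fingerprints it with SHA-256 (the same value `openssl x509 -fingerprint -sha256` prints, without the colons), and classifies every host as serving the old certificate, the new one, something unexpected, or unreachable (the moving servers will often be offline). Verification is deliberately switched off for the inventory fetch so that an expired or revoked certificate is still returned. The last function shows the client side of the question: Python's `ssl` module, like many clients, does not consult a CRL at all unless `VERIFY_CRL_CHECK_LEAF` is set and a CRL has been loaded, so a client without revocation checking keeps accepting the old certificate as long as it is otherwise valid. Hostnames, fingerprints and the DER bytes in the demo are constructed for illustration.

```python
"""Fleet audit for a certificate rollout, plus a client context that enforces
CRL revocation. Added example, not from the original question or answer."""
import hashlib
import socket
import ssl
from typing import Callable, Dict, Iterable, Optional


def sha256_fingerprint(der: bytes) -> str:
    """Hex SHA-256 over the DER-encoded leaf certificate."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate a server presents for `host`.

    Verification is disabled on purpose: the goal is to inventory what each
    server is serving, so we want the certificate back even if it is expired,
    revoked or untrusted. Never reuse this context for real traffic.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def classify(der: bytes, old_fp: str, new_fp: str) -> str:
    """Map a served certificate to 'old', 'new' or 'unknown' by fingerprint."""
    fp = sha256_fingerprint(der).lower()
    if fp == new_fp.lower():
        return "new"
    if fp == old_fp.lower():
        return "old"
    return "unknown"            # neither cert we know: investigate this host


def audit_fleet(hosts: Iterable[str], old_fp: str, new_fp: str,
                fetch: Callable[[str], bytes] = fetch_leaf_der) -> Dict[str, str]:
    """Classify every host; network failures become 'unreachable', not a crash."""
    results: Dict[str, str] = {}
    for host in hosts:
        try:
            results[host] = classify(fetch(host), old_fp, new_fp)
        except (OSError, ssl.SSLError):     # refused, timed out, handshake failed
            results[host] = "unreachable"
    return results


def summarize(results: Dict[str, str]) -> Dict[str, int]:
    """Count hosts per status so the rollout can be tracked day by day."""
    counts = {"new": 0, "old": 0, "unknown": 0, "unreachable": 0}
    for status in results.values():
        counts[status] += 1
    return counts


def strict_client_context(cafile: Optional[str] = None,
                          crlfile: Optional[str] = None) -> ssl.SSLContext:
    """A client context that fails on a revoked leaf.

    With the default flags Python does not check CRLs at all; the flag is only
    set here when a CRL is supplied, because VERIFY_CRL_CHECK_LEAF without a
    loaded CRL rejects every certificate ("unable to get certificate CRL").
    """
    ctx = ssl.create_default_context(cafile=cafile)
    if crlfile:
        ctx.load_verify_locations(cafile=crlfile)   # PEM CRLs load via the same call
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


if __name__ == "__main__":
    # Constructed stand-in DER blobs and hostnames; a real run would pass the
    # real old/new fingerprints and omit `fetch` so fetch_leaf_der is used.
    OLD_DER, NEW_DER = b"constructed-old-cert", b"constructed-new-cert"
    old_fp, new_fp = sha256_fingerprint(OLD_DER), sha256_fingerprint(NEW_DER)
    served = {"bus-01": OLD_DER, "train-07": NEW_DER, "aircraft-03": b"other"}

    def offline_fetch(host: str) -> bytes:
        if host not in served:
            raise OSError("host is currently offline")
        return served[host]

    report = audit_fleet(["bus-01", "train-07", "aircraft-03", "bus-99"],
                         old_fp, new_fp, fetch=offline_fetch)
    for host, status in report.items():
        print(f"{host:<12} {status}")
    print(summarize(report))
```

Run it daily during the 10-day window and the `old` count is the number of servers still to visit; an `unknown` host is one presenting a certificate you did not deploy and deserves a look. The `fetch` parameter exists so the classification logic can be exercised offline, as the `__main__` block does.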