Websocket Certificate CERT_DATE_INVALID

Question

i have a strange problem at the moment. I have an ssl certificate with the following SANs:

example.com curation.example.com

The website over https loads just fine. However the same certificate is used for a secure websocket.

The websocket url is: wss://curation.example.com:8080 Everything worked fine until two days ago. Suddenly my browser reject to connect to the websocket with the message that the certificate dates are invalid: screenshot from the browser console

I of course checked the certificate. It is valid until 4th April 2019. Does anyone know what could cause this issue? I already let LetsEncrypt reissue the certificate. HTTPS works fine. WSS does not.

Answer 1

https:// and wss:// run on your server at different ports and are likely run by different servers. Even though both servers have the same path to the certificates configured they typically only load the certificates on startup or reconfiguration and will not load the new certificates by themselves just because a new path is in the existing path.

My guess is that you've restarted/reconfigured the https:// server but not the wss:// server after the new certificates got installed so that the first one is using the new certificate while the second one is still serving the old certificate.

Another guess (which turned out to be true) is that both services are not actually setup to definitely use the same certificates even if you though so. Thus the certificate update might only affect one service but not the other.