Reputation: 11
I recently got a wildcard SSL cert for our main domain -- let's say it's mysite.ca. Under it, we have several subdomains on different servers.
For one subdomain, one.mysite.ca, everything is working except for a few subdirectories; for example, one.mysite.ca/folder/something keeps showing an SSL cert error. When I look into the specific page, it looks like it's still using an old certificate that has been canceled, not the new wildcard cert.
I am getting confused because I'm under the impression that a wildcard SSL cert for the main domain will protect all subdomains. Well, my confusion is mostly due to my lack of understanding I suppose.
More interestingly, this issue got magically resolved with a system upgrade. I am not sure why this happened in the first place, or why it was resolved. Any insights? Very curious to learn...
Thank you!
Upvotes: 1
Views: 853
Reputation: 123260
I'm not sure what actually happened in your case since we only have your interpretation of the issue. But based on how HTTPS works, it is not possible to have path-dependent server certificates:
The path is part of the HTTP request, and the HTTP request is sent over the already established TLS connection. This means the path is only available to the server after the TLS handshake is already done. Thus it cannot be used to pick a server certificate.
Maybe there were some cached permanent redirects to a different domain with different certificates, i.e. the expected domain was not actually contacted since it was already known that it would redirect to somewhere else. But this is just speculation.
Upvotes: 2
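The following is an added example, not part of the question or the answer above: it models which host actually performs the TLS handshake for a URL, showing that the path plays no role and that a cached permanent redirect can send the handshake to a host the wildcard name does not cover. The redirect entry and the host old.example.net are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample: a permanent redirect a browser might still have cached.
# old.example.net is a hypothetical host, not taken from the question.
CACHED_REDIRECTS = {
    "https://one.mysite.ca/folder/something":
        "https://old.example.net/folder/something",
}

def handshake_target(url):
    """(host, port) used for the TCP connect and TLS SNI. The path is absent:
    it is sent later, inside the HTTP request over the finished handshake."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("not an https URL with a host: " + url)
    return parts.hostname.lower(), parts.port or 443

def wildcard_covers(cert_name, host):
    """'*' stands for exactly one whole leftmost label (RFC 6125 matching)."""
    c, h = cert_name.lower().split("."), host.lower().split(".")
    if len(c) != len(h):
        return False
    return c[1:] == h[1:] and (c[0] == "*" or c[0] == h[0])

def contacted_url(url, cached_redirects):
    """Apply cached redirects without touching the network, as a browser does,
    and return the first URL whose server is really contacted."""
    seen = set()
    while url in cached_redirects and url not in seen:
        seen.add(url)
        url = cached_redirects[url]
    return url

def diagnose(url, cert_name, cached_redirects=CACHED_REDIRECTS):
    """Report which endpoint performs the handshake and whether cert_name fits."""
    final = contacted_url(url, cached_redirects)
    host, port = handshake_target(final)
    return {"requested": url, "contacted": f"{host}:{port}",
            "cert_name_valid": wildcard_covers(cert_name, host)}

if __name__ == "__main__":
    for u in ("https://one.mysite.ca/", "https://one.mysite.ca/folder/something"):
        print(diagnose(u, "*.mysite.ca"))
```

With an empty redirect cache, both URLs resolve to the same endpoint and the same certificate check, which is what a cleared browser cache or a different client would show.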