We had to rekey our wildcard cert and updated it in the custom domain settings. It’s a GoDaddy cert. Problem is, sometimes we still get the old cert. It’s been over 72 hours and the old cert still appears sometimes when you access the site. We manage our DNS through an external provider and our TTL for our CNAME is only set to an hour. All affected sites are subdomain sites on our main wildcard domain.
Example of issue:
while true; do curl -k -svo /dev/null
2>&1 | grep -E '(Trying)|(start date)'; sleep 1; done
You can see sometimes the old cert appears (Issued April 22) and sometimes the new cert appears (Issued April 30).
Not sure what steps to take to invalidate this old cert and get all server instances using the latest.
The problem is that with a rekey, GoDaddy actually revokes the old cert. Netlify is thinking it's still valid, I believe, because of the expiration, but it is not. Certain browsers and client configurations are rejecting it. We run an ecommerce site so every hour this is down it could be costing us a lot.
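An added example, not part of the original post: a small parser for the `Trying` / `start date` lines that the loop above prints, grouping certificate start dates by the endpoint that served them so the nodes still presenting the old certificate can be named in a support ticket. The sample lines, IP addresses, year and function names are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Constructed sample of the filtered curl output (documentation IPs, made-up year).
SAMPLE = """\
*   Trying 192.0.2.10:443...
*  start date: Apr 30 00:00:00 2024 GMT
*   Trying 198.51.100.7:443...
*  start date: Apr 22 00:00:00 2024 GMT
*   Trying 192.0.2.10:443...
*  start date: Apr 30 00:00:00 2024 GMT
*   Trying 198.51.100.7:443...
*  start date: Apr 22 00:00:00 2024 GMT
*   Trying 203.0.113.5:443...
"""
NEW_START = "Apr 30 00:00:00 2024 GMT"  # constructed: start date of the rekeyed cert

TRYING = re.compile(r"Trying\s+(\S+?)(?:\.\.\.)?\s*$")
START = re.compile(r"start date:\s*(.+?)\s*$")

def certs_by_endpoint(lines):
    """Map each endpoint curl connected to onto the set of cert start dates it served."""
    seen = defaultdict(set)
    current = None
    for line in lines:
        m = TRYING.search(line)
        if m:
            # Assumption: the last "Trying" before a start date is the address
            # that completed the handshake (curl may try several addresses).
            current = m.group(1)
            continue
        m = START.search(line)
        if m and current:
            seen[current].add(m.group(1))
            current = None  # do not credit a later stray line to this endpoint
    return dict(seen)

def stale_endpoints(seen, new_start):
    """Endpoints that served any certificate other than the new one."""
    return sorted(ep for ep, dates in seen.items() if dates - {new_start})

if __name__ == "__main__":
    # Pipe the loop's output in, or run with no stdin redirect to use the sample.
    lines = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for ep in stale_endpoints(certs_by_endpoint(lines), NEW_START):
        print("old cert served by", ep)
```

Endpoints where the connection failed before the handshake (no `start date` line) are left out of the result rather than counted as stale.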