Got a curious one… My wholesale domain registrar requires that I have a subdomain pointed at their server with a CNAME record. It looks like this:
Simple. The only problem is, when you visit the subdomain, you get an SSL/TLS warning about an expired Let's Encrypt certificate. The registrar assures me the certificate at their end is valid. So they're saying there must be an old certificate on my server.
First question: How do I find and remove this old certificate, assuming it exists? I switched to a wildcard certificate some weeks ago, and it's working fine for every other subdomain—this is the only one that isn't working.
Second question: Why are the certificates on my server even relevant? My DNS points the subdomain directly to the registrar's server via the CNAME record. The DNS query is in plaintext (right?), then the resolver goes elsewhere.
Code:
domains 3600 IN CNAME interface.synergywholesale.com.
Simple. The only problem is, when you visit the subdomain, you get an SSL/TLS warning about an expired Let's Encrypt certificate. The registrar assures me the certificate at their end is valid. So they're saying there must be an old certificate on my server.
First question: How do I find and remove this old certificate, assuming it exists? I switched to a wildcard certificate some weeks ago, and it's working fine for every other subdomain—this is the only one that isn't working.
Second question: Why are the certificates on my server even relevant? My DNS points the subdomain directly to the registrar's server via the CNAME record. The DNS query is in plaintext (right?), then the resolver goes elsewhere.