Invalid SSL on new server

Asa Carter asked:

I have just migrated to a new VPS server from a GoDaddy server.

The domain has a wildcard SSL that I have re-keyed and installed on the new server.

I have recently updated the name servers for the domain but SSL does not seem to be working on the new server.

The IP for the old server is 188.121.45.1
The IP for the new server is 5.189.128.253

The server is running Nginx.

How can I check the SSL certificate is installed correctly? Could it just be because the domain is not fully propagated?

Help !?!?

My answer:


Your DNS TTL on your address record is set to 86400 (seconds, which is one day). Thus, when you make a change, resolvers on the Internet which have cached the old record may not update it until as long as a day has passed.

It’s best practice to shorten the TTL to as low as possible (usually 60 seconds) in advance of the actual change of IP address, so that when you do change it, the change will be “propagated” almost immediately. (There’s no such thing as DNS propagation; it’s actually caching.) If your TTL was set to 86400, then the TTL must be lowered at least 86400 seconds before you change the address. The TTL can be raised again after or at the same time as the address change, if desired.

(And while you’re fixing things, your SSL configuration needs a lot of work. Visit https://www.ssllabs.com/ssltest/ to test your site, and https://cipherli.st/ to get a secure configuration.)


View the full question and answer on Server Fault.
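To check the certificate on the new server without waiting for cached DNS records to expire, connect to its IP address directly and send the site's hostname as SNI. The sketch below is an added example, not part of the original question or answer; `www.example.com` is a placeholder because the page does not give the domain, and the function names are hypothetical. It also shows which hostnames a wildcard certificate actually covers.

```python
import socket
import ssl


def san_covers(san_names, hostname):
    """True if any DNS SAN matches hostname; '*' stands for exactly one left-most label."""
    host = hostname.lower().rstrip(".")
    for name in san_names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*."):
            # "*.example.com" covers "www.example.com", but not the bare
            # "example.com" and not "a.b.example.com".
            first, _, rest = host.partition(".")
            if first and rest == name[2:]:
                return True
    return False


def check_cert_at_ip(ip, hostname, port=443, timeout=5):
    """Handshake with `ip` directly, sending `hostname` as SNI, so cached DNS is irrelevant."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except (ssl.SSLError, OSError) as exc:
        # Typical causes: intermediate chain not installed, wrong certificate
        # served for this name, or nothing listening on the port.
        return {"ok": False, "error": str(exc)}
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {"ok": san_covers(sans, hostname), "sans": sans,
            "not_after": cert.get("notAfter")}


if __name__ == "__main__":
    # Constructed sample: SAN list of a wildcard-only certificate.
    sans = ["*.example.com"]
    for host in ("www.example.com", "example.com", "a.b.example.com"):
        print(host, san_covers(sans, host))
    # Against the new server from the question (hostname is a placeholder):
    # print(check_cert_at_ip("5.189.128.253", "www.example.com"))
```

A result with `ok` set to `False` and a verification error while the old IP still validates points at the new server's certificate or chain installation rather than at DNS caching.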

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.