ssl, caching, ssl-certificate, browser-cache, service-worker

Service worker with SSL certificate cache


We have a number of sites hosted on a Google Cloud server.

We have added a renewed SSL certificate to the server recently; all our sites loaded the new certificate afterward, except the one that has a service worker set up. It seems like that site is still loading the old certificate (that is still valid at the moment - expires tomorrow).

It looks like it is related to the cache - after clearing the browser cache the new certificate is also loaded for this site.

Would it be an issue for the client when the certificate does expire? When the browsers (Chrome, Firefox, etc.) find the expired certificate in the cache, will they check the server for the new certificate automatically, or will they show an SSL warning page (like https://expired.badssl.com/)?

Is there a way that we could ensure that the client/browsers will load the renewed certificate from the server?


Solution

  • Google Chrome doesn't re-verify certificates on disk; it does this to not break Chrome's offline feature. Whenever Chrome updates the cache, it will get the new certificate; until that happens there should be no worries about the validation of the old certificate.

    You can refer to this thread on the Chromium forum
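
Added example, not part of the original question or answer: a server-side check that a fresh TLS connection (no browser or service-worker cache involved) is handed the renewed certificate, which separates a stale cached entry from a deployment problem. The function names and the sample dates are assumptions constructed for illustration.

```python
import socket
import ssl
import sys
import time


def fetch_peercert(host, port=443, timeout=5.0):
    """Return the certificate presented on a brand-new TLS connection."""
    ctx = ssl.create_default_context()  # verifies chain, hostname and validity
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def classify(cert, old_not_after, now):
    """Compare the served certificate with the expiry of the one it replaced."""
    served = ssl.cert_time_to_seconds(cert["notAfter"])
    if served <= now:
        return "expired"
    if served <= ssl.cert_time_to_seconds(old_not_after):
        return "stale"    # server still presents the old certificate
    return "renewed"      # any old certificate a client shows comes from its cache


def days_left(cert, now):
    """Whole days until the served certificate expires."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


# Constructed sample values (not taken from the page).
OLD_NOT_AFTER = "Jun 15 12:00:00 2024 GMT"
SAMPLE_OLD = {"notAfter": OLD_NOT_AFTER}
SAMPLE_NEW = {"notAfter": "Sep 13 12:00:00 2024 GMT"}
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 14 12:00:00 2024 GMT")

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <host> "<old notAfter string>"
        try:
            cert = fetch_peercert(sys.argv[1])
            print(classify(cert, sys.argv[2], time.time()),
                  days_left(cert, time.time()))
        except ssl.SSLCertVerificationError as exc:
            # An already-expired certificate fails here, during the handshake.
            print("verification failed:", exc.verify_message)
    else:  # offline run on the constructed samples
        for sample in (SAMPLE_OLD, SAMPLE_NEW):
            print(classify(sample, OLD_NOT_AFTER, SAMPLE_NOW),
                  days_left(sample, SAMPLE_NOW))
```

The old `notAfter` string uses the format `getpeercert()` returns, which is also what `openssl x509 -noout -enddate` prints after `notAfter=`.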