The server certificate on load balancer (with public IP/CNAME) is expiring on 5/31. I ordered a new certificate and uploaded to the load balancer. I kept the old certificate, and didn't delete/remove it from the load balancer
When I run the showcerts command to list all the certificate, I don't see the latest one. Only existing cert that is due on 5/31 is shown.
openssl s_client -showcerts -connect domainname:443
I checked the browser , there also it is same.
How do I verify that certificate are added properly and new certs will be picked up once the existing one expires?
thanks in advance
How do I verify that certificate are added properly and new certs will be picked up once the existing one expires?
That's not how it works. The server will not magically use new certificates once the previous ones expire. It will only use the certificates explicitly configured.
Usually there is some overlap between old and new certificates, so that one can configure the server to use the new certificates as soon as they are valid (see X509 attribute NotBefore) even though the old ones are still valid too.