
Load Balancer SSL Issue: Not Trusted Warning Despite Valid OV Certificate


I've implemented a load balancer using my own OV certificate, which is valid until next year. Initially, everything was working fine, but I've encountered an issue where some users, including myself occasionally, are receiving a "Not Trusted" warning when visiting the website.

Upon investigation, I found that the GTS CA 1D4 certificate expired last September. According to my setup, this certificate shouldn't be present in the chain, as I've added my own valid certificate.

While tools like SSLShopper indicate that everything is okay, SSL Labs reports a different result.

I'm uncertain if this behavior is expected, especially when using a self-managed certificate. If this is indeed the case, how can I extend or update the expired GTS CA 1D4 certificate? Any insights or guidance on resolving this discrepancy would be greatly appreciated.

Thanks

Update

I had two front ends, one for HTTP (for redirecting without www), and another one for HTTPS IPv4. I didn't have one for IPv6. Now I added that one and removed the existing one for HTTP. Both shared the same exact SSL certificate. Still don't see changes.

new load balancer config


Solution

  • This problem required solving several problems.

    1. The load balancer frontends were configured with a self-managed and a Google-managed certificate. The SSL certificate for the IPv6 frontend had expired.

    2. The load balancer IPv6 frontend was configured with a different IP address than the DNS server.

    3. The load balancer was configured with ephemeral IP addresses.
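
A check for the situation this answer describes, added here as an example and not part of the original answer: it probes every A and AAAA address the hostname resolves to, with SNI set, and reports any address whose certificate fails validation or differs from the others. The function names are assumptions of this example, and it uses only the Python standard library.

```python
import hashlib, socket, ssl, sys

def resolve(host, port=443):
    """Every address clients may reach, both families: [(family_name, address), ...]."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({("IPv6" if fam == socket.AF_INET6 else "IPv4", sa[0])
                   for fam, _, _, _, sa in infos})

def _handshake(host, addr, port, verify):
    ctx = ssl.create_default_context()
    if not verify:                      # inspection only: accept any certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((addr, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # SNI = host
            return tls.getpeercert(binary_form=True)

def probe(host, family, addr, port=443):
    """Fingerprint the leaf served at one address and record whether it validates."""
    try:
        der = _handshake(host, addr, port, verify=False)
    except OSError as exc:              # no route, refused, handshake failure
        return {"family": family, "addr": addr, "sha256": None,
                "error": f"unreachable: {exc}"}
    try:
        _handshake(host, addr, port, verify=True)
        error = None
    except ssl.SSLCertVerificationError as exc:
        error = exc.verify_message      # e.g. "certificate has expired"
    return {"family": family, "addr": addr,
            "sha256": hashlib.sha256(der).hexdigest(), "error": error}

def compare(results):
    """Pure check over probe() results: a list of human-readable findings."""
    findings = [f"{r['family']} {r['addr']}: {r['error']}" for r in results if r["error"]]
    if len({r["sha256"] for r in results if r["sha256"]}) > 1:
        findings.append("frontends serve different leaf certificates")
    return findings

if __name__ == "__main__":
    host = sys.argv[1]
    results = [probe(host, fam, addr) for fam, addr in resolve(host)]
    for r in results:
        print(r["family"], r["addr"], (r["sha256"] or "-")[:16], r["error"] or "ok")
    for finding in compare(results):
        print("FINDING:", finding)
```

Run it with the site's hostname as the only argument from a machine that has both IPv4 and IPv6 connectivity; without IPv6 connectivity the AAAA addresses are reported as unreachable rather than checked.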