Chrome shows old SSL certificate

Question

I use Let's encrypt certificates on the server. The certificates are automatically renewed and the server-config is updated.

Problem: When I open the web-page in Chrome, it shows that the certificate is valid, but the Certificate dialogue still shows the old certificate info (see Valid from dates):

When I open the page in incognito mode, the browser shows the correct/new certificate

Another odd thing:

• after refreshing the page with CTRL+F5, Chrome shows the correct info
• but when I now close the tab and open a new tab, the old info will be shown again!?

Questions:

1. Is this maybe a bug in Chrome? i.e. maybe it caches the certificate info for too long
2. Or is there something my web-page/server can do to update this info?

Answer 1

tl;dr

It turned out that the issue is related to the web-page being a PWA and that we had initially used a www-only cert.

Details:

• when setting up the server we first created a www-only-certificate for e.g. www.myapp.com
• but we forgot to include the naked-domain in the cert, so some hours later we created a new cert for myapp.com and www.myapp.com
• the browsers that had already loaded the app had the issue described in the question

Result:
actually we just ignored the issue, because only few clients were affected and even for those, chrome does not show an error and the connection is still encrypted

for more details see this Let's Encrypt forum post