We had a problem last night as we attempted to update our site certificate on our NLB website.
We have 2 machines in the cluster, and after updating the certificate on both of them, the site stopped responding over https.
We spent a LOT of time trying to figure out what was wrong with our new certificate, or the way we had set it up.
In the end, it turned out that when we updated the certificate, it AUTOMATICALLY removed the NLB IP address from the IPs that are listening for port 443.
So the result was that each server would respond over SSL on its own, but when you tried to access the cluster by its IP address over SSL, there would be no response.
It was really easy to fix, but a real pain to find.
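
A post-renewal check for the failure described above, as an added example that is not part of the original post: it lists which required addresses still have a port 443 binding and whether that binding carries the new certificate. It assumes the server's HTTPS listeners are the http.sys bindings printed by `netsh http show sslcert` (the post does not say which Windows or IIS version was involved); the function names, IP addresses and thumbprint are constructed for illustration.

```powershell
# Added example, not from the original post. Assumes the HTTPS listeners are the
# http.sys bindings printed by `netsh http show sslcert`; all values are constructed.
function Get-SslBinding {
    param([string[]]$NetshLines)
    $endpoint = $null
    foreach ($line in $NetshLines) {
        if ($line -match '^\s*IP:port\s*:\s*(\S+)\s*$') {
            $endpoint = $Matches[1]
        } elseif ($endpoint -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-f]+)\s*$') {
            # Emit one object per binding: the listening endpoint and its certificate.
            [pscustomobject]@{ Endpoint = $endpoint; Thumbprint = $Matches[1].ToLower() }
            $endpoint = $null
        }
    }
}

function Test-SslBindingCoverage {
    param([object[]]$Bindings, [string[]]$RequiredIPs, [string]$ExpectedThumbprint, [int]$Port = 443)
    # A 0.0.0.0 binding is used for any local address without a specific binding.
    $wildcard = $Bindings | Where-Object { $_.Endpoint -eq "0.0.0.0:$Port" } | Select-Object -First 1
    foreach ($ip in $RequiredIPs) {
        $hit = $Bindings | Where-Object { $_.Endpoint -eq "${ip}:$Port" } | Select-Object -First 1
        if (-not $hit) { $hit = $wildcard }
        if (-not $hit) { $status = 'MISSING' }
        elseif ($hit.Thumbprint -ne $ExpectedThumbprint.ToLower()) { $status = 'STALE-CERT' }
        else { $status = 'OK' }
        [pscustomobject]@{ IP = $ip; Port = $Port; Status = $status }
    }
}

# Constructed sample of the netsh output on one node after a renewal: the node's
# own address (192.0.2.11) is bound, the cluster address (192.0.2.10) is not.
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 192.0.2.11:443
    Certificate Hash             : 00112233445566778899aabbccddeeff00112233
    Certificate Store Name       : MY
'@ -split '\r?\n'

$bindings = Get-SslBinding -NetshLines $sample
# On a live node, feed it the real output instead:
#   $bindings = Get-SslBinding -NetshLines (netsh http show sslcert)
Test-SslBindingCoverage -Bindings $bindings -RequiredIPs '192.0.2.11', '192.0.2.10' `
    -ExpectedThumbprint '00112233445566778899AABBCCDDEEFF00112233'
```

Run it on each node in the cluster after every certificate change, with the cluster address included in `-RequiredIPs`, and treat any status other than `OK` as a failed change.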