Renewing the SSL Certificate on a Network Load Balanced system

We had a problem last night as we attempted to update our site certificate on our NLB website.

We have 2 machines in the cluster, and after updating the certificate on both of them, the site stopped responding over https.

We spent a LOT of time trying to figure out what was wrong with our new certificate, or the way we had set it up.

In the end, it turned out that when we updated the certificate, it AUTOMATICALLY removed the NLB IP address from the IPs that are listening for port 443.

So the result was that each server would respond over SSL on its own, but when you tried to access the cluster by its IP address over SSL, there would be no response.

It was really easy to fix, but a real pain to find. 
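
A check to run on each node after a certificate renewal, added here as an example and not taken from the original post: it lists every https binding and warns when none of them covers the cluster address. It assumes IIS 7 or later with the WebAdministration module and an elevated prompt; `192.0.2.10` is a placeholder for the NLB cluster IP and `Test-BindingCoversIp` is a hypothetical helper name.

```powershell
# Added example. Assumes IIS 7+ (WebAdministration module) and an elevated prompt.
Import-Module WebAdministration

$ClusterIp = '192.0.2.10'   # placeholder: the NLB cluster (virtual) IP address
$Port      = 443

function Test-BindingCoversIp {
    param([string]$BindingInformation, [string]$Ip, [int]$Port)
    # IIS bindingInformation is "address:port:hostheader"; "*" means all unassigned IPs.
    # IPv6 addresses appear in square brackets, so they are matched as one unit.
    if ($BindingInformation -notmatch '^(?<addr>\*|\[[^\]]+\]|[^:]*):(?<port>\d+):') {
        return $false
    }
    $addr = $Matches['addr'] -replace '^\[|\]$', ''
    return ([int]$Matches['port'] -eq $Port) -and ($addr -eq '*' -or $addr -eq $Ip)
}

# Every https binding on this node, with the site it belongs to.
$rows = foreach ($site in Get-Website) {
    foreach ($b in Get-WebBinding -Name $site.Name -Protocol https) {
        [pscustomobject]@{
            Site       = $site.Name
            Binding    = $b.bindingInformation
            Thumbprint = $b.certificateHash
            CoversVip  = Test-BindingCoversIp $b.bindingInformation $ClusterIp $Port
        }
    }
}
$rows | Format-Table -AutoSize

# The failure described above: the node still serves SSL on its own address,
# but nothing is bound to the cluster IP on port 443.
if (-not ($rows | Where-Object CoversVip)) {
    Write-Warning "No https binding on $env:COMPUTERNAME covers ${ClusterIp}:$Port"
}

# http.sys view of the same thing: certificate bindings and the IP listen list.
netsh http show sslcert
netsh http show iplisten
```

Comparing the `Thumbprint` column across nodes also confirms that every machine in the cluster is serving the renewed certificate.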
