oldthreefeng opened a new issue #4067: URL: https://github.com/apache/apisix/issues/4067
### Issue description ### Environment * apisix version (cmd: `apisix version`): 1.5 * OS (cmd: `uname -a`): centos 7.9, * OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): ``` openresty -V Tengine version: Tengine/2.3.2 nginx version: nginx/1.17.3 built by gcc 6.4.0 (Alpine 6.4.0) built with OpenSSL 1.1.1b Tassl 1.4 23 Aug 2020 TLS SNI support enabled ``` * etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API): ``` / # etcdctl --version etcdctl version: 3.3.25 API version: 2 / # exit ``` * apisix-dashboard version, if have: ### Minimal test code / Steps to reproduce the issue update ssl cert by curl patch. i get the cert from cluster ``` curl -H "X-API-KEY: $X_API_KEY" -sSfL http://*:9180/apisix/admin/ssl/00000000000000000638 | jq . { "node": { "value": { "cert": "-----BEGIN CERTIFICATE-----\nMIIFPTCCBCWgAwIBAgISA7TkxJvohgY6TqWAE2cu6zzMMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTAzMjkxNTU2MDNaFw0yMTA2MjcxNTU2MDNaMBwxGjAYBgNVBAMT\nEWJldGEuaWxlYXJudGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEA0rR7j1z3GH/M9RVioXCQ4yVBSixcHf9oK7LVumNhmgDYMdoUNpovRsDJXB0n\ntjxC3viXVybd3KJHpZ2eI6pfbvRB98gsyNBDYXs3JSxfWUnlf4gX3Y+kS2BTtkzp\nu00OilNjwGwyfbqkVy2OyAlbLufNbKmab3QWSzzxjidLRmp5BkYF8eyRbWxYlyQb\ng7VzEBz9/kMf3WFEfn1dPRwrej/9pDhXdz6BF0ivW1nmcSTerCeW1ujosgSYwX1X\nRcYFNqPfBfOMS9ENIDNLvJXjcowOwWXy5M5vUAdGgb63tonlCJZ0mPoGXQ/jXaf0\nQBfLazDdchhMxoAxg52iOiWXRQIDAQABo4ICYTCCAl0wDgYDVR0PAQH/BAQDAgWg\nMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G\nA1UdDgQWBBT04ICFySd41oCrvh47oJDlsaaN6jAfBgNVHSMEGDAWgBQULrMXt1hW\ny65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6\nLy9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iu\nb3JnLzAxBgNVHREEKjAoghMqLmJ ldGEuaWxlYXJudGEuY29tghFiZXRhLmlsZWFy\nbnRhLmNvbTBMBgNVHSAERTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYG\nCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB\n1nkCBAIEgfUEgfIA8AB2AESUZS6w7s6vxEAH2Kj+KMDa5oK+2MsxtT/TM5a1toGo\nAAABeH7p7lEAAAQDAEcwRQIhAJZiwSi9tcne0xRjKr64J8jrwQbLx1GTWuXBtjGc\naEx4AiAlVQIW3lzS6ba3IXOOQvhX6zZ08Yip/XXy/zyIvmDCmAB2APZclC/RdzAi\nFFQYCDCUVo7jTRMZM7/fDC8gC8xO8WTjAAABeH7p7m8AAAQDAEcwRQIgMpy//pVZ\nw06hmEOguTD7BE2GXkMjpB1UkGl2N7GaN3ICIQCELylK5JPdcETLneL32ueL7aiy\ni/MFN41Ie94MeA5J2zANBgkqhkiG9w0BAQsFAAOCAQEAK3+q6k5uvmvrO3Ua0UB5\nG97zU+EGJXy6QxS+6o9uaAAFO/jw4ABnGi4ykGZjOejHHB2nfWRskB9SLNvft8fa\nXsrDt2NDTNM4z3ygJfEUAO4XzAqaor0DAJnoSOQXj5uAHPR/D+IpdhdppWzl4+/s\nJL8UtrLi9xD4ruMT6rXWYRpm33FH8c3bURn4zojO9hJZ9Fg1HzHg9rNQiJj7npw2\n77sEprgRBpnw08JeGiFS2wrujM9+GWP2ghcTOaVjQ6jRUOzomyyxsqdi6LJj0qXE\nrk1hBRpWHB3+MXweJcXIh8Q3jiVHx4LuyG7RWsewHH2uHkvBNbUb5qaXBeqUNk60\nMg==\n-----END CERTIFICATE-----\n\n-----BEGIN CERTIFICATE-----\nMIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISp DBbN3zANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow\nMjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT\nAlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs\njVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp\nTm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB\nU840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7\ngcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel\n/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R\noYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E\nBAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p\nZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE\np7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE\nAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu\nY3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA 6Ly9jcmwuaWRlbnRydXN0\nLmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf\nr52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B\nAQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH\nejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8\nS8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL\nqjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p\nO5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw\nUdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==\n-----END CERTIFICATE-----", "id": "00000000000000000638", "sni": "*.beta.ilearnta.com", "status": 1 }, "createdIndex": 764, "key": "/apisix/ssl/00000000000000000638", "modifiedIndex": 764 }, "action": "get" } ``` i get the right ssl cert from the admin ssl. ``` $ openssl x509 -noout -text -in a.cer| grep Not Not Before: Mar 29 15:56:03 2021 GMT Not After : Jun 27 15:56:03 2021 GMT ``` but from the server side ``` $ echo -n \ | openssl s_client -host www.beta.ilearnta.com -port 443 -showcerts 2>/dev/null \ | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > a.cer $ openssl x509 -noout -text -in a.cer | grep Not Not Before: Jan 29 11:56:02 2021 GMT Not After : Apr 29 11:56:02 2021 GMT ``` this is really confused me. is there any cache or other things to stop me get the right ssl cert ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
