We last renewed my SSL certificate two years ago - GAE was rather different then and we were using SNI+VIP.
This time I ordered the cert and when i went to install I needed to fiddle with my DNS settings to prove that I owned the domain name. This took a while, but I got there.
Finally I installed the new certificate using the developers console. That worked.
Next I associated the domain name with the new certificate. No obvious problems.
However when I checked my site at
https://sub.mysite.com, the old certificate was still showing, I waited six hours, but it did not update.
What I do notice however is that the cname on the new certificate has changed. On the console the old certificate had:
While the new one has:
and
my DNS looks like:
;QUESTION
;ANSWER
So on the face of it it looks like a good idea to change that to point at ghs.googlehosted.com, but I'm worried because at the moment I (and paying customers) can still see sub.mysite.com albeit without SSL and surely fiddling with the DNS will break that too?
If you can offer any advice on this I'd be very thankful.
Col