I inherited maintaining a 2012 server. The certificate for our websites expired, so i installed a new one. It is still as if it is using the old one. We have many websites all on different ports. If I go to the bindings, they all have the new cert selected and it does not expire until 2020. When i click browse on the website and browse with local host, it shows expired. The same from the outside if I go to https://www.digicert.com/help/ and put in the url. One of the subdomains actually works and shows the new certificate. If I do netsh http show sslcert > c:\temp\certlog.txt it shows the new cert for each binding. Is it possible that the cert is being handled by a proxy or something? How could I tell? Any help would be greatly appreciated. Have worked on this for a week without getting to the bottom of it. Also, our main website (www.) is not on the same server as the subdomain websites that are not working. We have a wildcard cert.
IP:port : 0.0.0.0:7813 Certificate Hash : 35091bc455e3534fc0f513adf619478971e20fe5 Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914} Certificate Store Name : My Verify Client Certificate Revocation : Enabled Verify Revocation Using Cached Client Certificate Only : Disabled Usage Check : Enabled Revocation Freshness Time : 0 URL Retrieval Timeout : 0 Ctl Identifier : (null) Ctl Store Name : (null) DS Mapper Usage : Disabled Negotiate Client Certificate : Disabled Reject Connections : Disabled Disable HTTP2 : Not Set 
ipmo IISAdministration, WebAdministration ; Get-ChildItem IIS:SSLBindings |select-object *?