I was told by my TL today that replacing the Edge certificate by mistake with a wrong one, and then reverting it back after one hour (to correct the subdomain names) will cause errors for all users for the next 48 hours, because DNS propagation takes too long (no idea how DNS is related, that's why I'm asking here; he did not explain, just said I broke everything for the next 48 hours and that's it).
Everything got back to normal immediately after I reverted the TLS cert, so I wonder what could really cause problems for a few days for all users when just the TLS cert gets rotated back and forth? After all, the certificate gets presented to the client browser during negotiation and establishment of a new session, so the only thing which can go wrong is a broken session until a new one is established, so it will differ from browser to browser, is that correct?
The full story is: I generated a cert, thinking I was going to just download it and use it for my nginx to try something on a new subdomain, but instead the newly bought cert got applied to all edge servers, because this is apparently how cloudfront works, and I didn't know that, and probably missed a warning if there was one… Long story short, one of our engineers noticed a broken production homepage, I immediately realized it was about the cert, went to the "Edge" tab and recreated a new certificate.
But now I am worried: what if cloudflare Edge servers work in some special way, like from now on both the bad and the good certificates will randomly be served from some servers or others? But it doesn't sound possible; if that were the case, CloudFlare would not be worth a penny as a CDN, so I don't believe it can be like that.
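The failure described above is a name mismatch: the browser compares the hostname it connected to against the DNS names in the presented certificate's Subject Alternative Name on every new TLS handshake, which is why the site broke and recovered immediately with the cert and not on a DNS timescale. The script below is an added example (not from the original post or from Cloudflare) that fetches the certificate an edge currently presents, without aborting on a bad name so a wrong cert can still be inspected, and checks whether its SANs cover the hostname; the hostname and SAN lists are constructed.

```python
"""Check which certificate an edge currently presents and whether its
SAN entries cover the hostname (added example; host names constructed)."""
import socket
import ssl


def hostname_matches(hostname: str, san_dns_names: list[str]) -> bool:
    """RFC 6125 style matching: exact match, or a wildcard that replaces
    only the leftmost label, so *.example.com does not cover example.com
    itself or a.b.example.com."""
    host = hostname.lower().rstrip(".")
    for name in san_dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]               # ".example.com"
            if host.endswith(suffix):
                prefix = host[: -len(suffix)]
                if prefix and "." not in prefix:
                    return True
    return False


def fetch_served_san(hostname: str, port: int = 443) -> list[str]:
    """Connect to the edge and return the DNS SANs of whatever certificate
    it presents. The chain is still verified against the system trust
    store, but the hostname check is turned off on purpose so a validly
    issued certificate with the wrong names is captured for inspection
    instead of raising an error."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False              # verify_mode stays CERT_REQUIRED
    with socket.create_connection((hostname, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


if __name__ == "__main__":
    # Constructed target; run against your own zone after a cert change.
    target = "www.example.com"
    sans = fetch_served_san(target)
    print(f"{target} served SANs: {sans}")
    print("covers hostname:", hostname_matches(target, sans))
```

Running it repeatedly from different networks after a rotation shows whether every edge you reach presents a certificate that covers the production hostname, which is the check that actually answers "did the revert take effect".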