I had a very unexpected event today, when tried to generate a new TLS certificate, but did not want to apply it immediately, because just wanted to use it on my own nginx server to do some testing.
The new certificate that I created, got immediately applied the moment I purchased it, and there was no buttons to switch back to the old certificate (which had the right production names in it).
I think this part is very tricky, why there is no way to “toggle” which certificate is now being used on the edge servers? I did not expect the certificate to be applied immediately replacing the old one.
The question is, why this design choice, to make a new edge certificate one click away from getting applied to all servers? It’s pretty dangerous.