Google CDN Instance : Creating SSL certificate "" failed. Error: The SSL certificate and key do not match

I generated an SSL certificate for my Google CDN instance, and for the past 12 months all has been working fine. Now, after renewing the certificate with certbot, adding the new certificate fails on the CDN console.

Interestingly, the certificate works fine on https://dev.owinomart.com, but Google complains that "The SSL certificate and key do not match". When adding it on the instance, I even re-created a solo certificate for https://cdn.owinomart.com.

Creating SSL certificate "certificate-september-25-2018" failed.

Error: The SSL certificate and key do not match.

The certificate was generated for https://dev.owinomart.com and https://cdn.owinomart.com

It worked fine for dev but failed on cdn (which is a Google CDN instance).

What could be the problem?

There are 1 best solutions below

From your comment, it sounds like you are adding a certificate to an existing domain.

a) Please confirm that you are adding a certificate to https://cdn.owinomart.com and not deleting the old certificate resources.

From our findings, such a thing might happen when multiple keys exist, and so the Certificate Signing Request (CSR) is unable to find the correct key.

b) Please also make sure you have created a separate folder and generated a new private key along with the certificate.

I would like to point to the "Creating SSL certificate resource" section of the public documentation on Creating and Using SSL Certificates, and would like to know which of the two scenarios you are following: creating a new key with a new certificate, or creating a CSR from existing certificate files?

Lastly, I am also sharing a link on "How do I verify that a private key matches a certificate?" If it matches, you could manually copy the private key to the Google CDN instance. If the modulus of the certificate and the modulus of the private key do not match, then you're not using the right private key. You can either create a brand new key and CSR and contact support, or do a search for all private keys on the system and compare their modulus.
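The key-to-certificate check and the search across candidate keys described in the answer above, as an added example that is not part of the original thread. It goes slightly beyond the modulus comparison by comparing the whole public key, so it also covers EC keys. It assumes the `openssl` CLI is on the PATH; the function names, file names and CN are constructed for illustration.

```shell
#!/bin/sh
# key_matches_cert CERT KEY (hypothetical helper name)
# Returns 0 if KEY is the private key for CERT, 1 if it is not, and 2 if
# either file cannot be parsed. Comparing the public keys is the same test
# as comparing the RSA modulus, and also covers EC keys. `openssl x509`
# reads only the first certificate in CERT (the leaf, for a chain file).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# find_matching_key CERT DIR (hypothetical helper name)
# Prints the first file in DIR that holds the private key for CERT.
find_matching_key() {
    for candidate in "$2"/*; do
        [ -f "$candidate" ] || continue
        if key_matches_cert "$1" "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# make_sample_files DIR: constructed data, two RSA keys and one self-signed
# certificate issued for new.key (the CN is a placeholder).
make_sample_files() {
    openssl genrsa -out "$1/old.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/new.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/new.key" -subj "/CN=cdn.example.test" \
        -days 1 -out "$1/cert.pem" 2>/dev/null
}

# Demo on the constructed files.
tmp=$(mktemp -d) && make_sample_files "$tmp"
key_matches_cert "$tmp/cert.pem" "$tmp/old.key" || echo "old.key: no match"
echo "matching key: $(find_matching_key "$tmp/cert.pem" "$tmp")"
rm -rf "$tmp"
```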