I have two servers on the same domain name (no sub-domain) but operating on different ports.
After I renewed the certificate, I only applied it to one of the servers. The other server is still using the old cert.
Even so: both are seen as valid!
Should it be like that? When I renew a cert, shouldn’t the old ones become invalid?
What do you mean by "cross check"? Let's Encrypt offers OCSP for checking the validity of the certificate(s) the server sends the browser. But a) not every browser does this by default (there are privacy concerns) and b) it will only validate those certificates.
If by "cross check" you mean also checking other certificates (older ones, different servers), then: no, it doesn't. The browser doesn't even know about the existence of these certificates, so how could it check those?
With “cross check” I meant that every time I send a request to my server, I get the certificate, then the browser checks with Let’s Encrypt servers if the cert is valid and then continues the connection with my server.
-> But that's clarified now! Thanks!
If you do want the old certificate to stop being valid when you get a new one, you can explicitly revoke it (e.g. with certbot revoke). Most site operators seem to appreciate the overlapping periods of validity.
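An added example (not code from the thread) of the check the posts above describe: confirm which certificate each port of one domain is actually serving, and ask the CA's OCSP responder whether each one is still good, which is how a revoked pre-renewal certificate would show up. It assumes openssl is installed; the host, the ports and the issuer chain path are placeholders for your own deployment.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits which certificate each port
# serves on one domain and asks the CA's OCSP responder whether it is still
# good. Assumes openssl is installed; host, ports and the issuer chain path
# are placeholders for your own deployment.
set -eu

# Save the leaf certificate presented on host:port as PEM into file $3.
fetch_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM > "$3"
}

# One-line summary of a PEM file: serial, expiry and SHA-256 fingerprint.
cert_summary() {
  openssl x509 -in "$1" -noout -serial -enddate -fingerprint -sha256 | tr '\n' ' '
}

# Exit 0 if both PEM files hold the same certificate (same fingerprint), else 1.
same_cert() {
  a=$(openssl x509 -in "$1" -noout -fingerprint -sha256)
  b=$(openssl x509 -in "$2" -noout -fingerprint -sha256)
  [ "$a" = "$b" ]
}

# Query the OCSP responder named in the certificate's AIA extension.
# $2 is the issuing intermediate (certbot writes it as .../chain.pem).
# Prints the responder's verdict line: "<file>: good|revoked|unknown".
ocsp_status() {
  uri=$(openssl x509 -in "$1" -noout -ocsp_uri)
  openssl ocsp -issuer "$2" -cert "$1" -url "$uri" -no_nonce 2>/dev/null \
    | grep -E ': (good|revoked|unknown)'
}

# Compare the certificates on two ports of one host; $4 is the issuer chain.
audit_ports() {
  fetch_cert "$1" "$2" /tmp/port_a.pem
  fetch_cert "$1" "$3" /tmp/port_b.pem
  echo "port $2: $(cert_summary /tmp/port_a.pem)"
  echo "port $3: $(cert_summary /tmp/port_b.pem)"
  if same_cert /tmp/port_a.pem /tmp/port_b.pem; then
    echo "both ports serve the same certificate"
  else
    echo "ports serve DIFFERENT certificates (one may be the pre-renewal cert)"
  fi
  ocsp_status /tmp/port_a.pem "$4"
  ocsp_status /tmp/port_b.pem "$4"
}

# Runs only when AUDIT_HOST is set (placeholder domain and chain path):
#   AUDIT_HOST=example.com sh audit.sh
if [ -n "${AUDIT_HOST:-}" ]; then
  audit_ports "$AUDIT_HOST" 443 8443 /etc/letsencrypt/live/"$AUDIT_HOST"/chain.pem
fi
```

Until the old certificate is revoked, both OCSP answers will read "good", which is the behaviour the thread describes; after `certbot revoke` on the old one, the port still serving it reports "revoked".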