DNS / Reverse DNS name mismatch after certificate update
I'm running 10.9.5 with Server 3.2.2, using a SSL certificate from a third-party, with a true IP address with DNS properly set up for this.
A couple of weeks ago, the certificate was going to expire, so I renewed it (using the web interface of my hosting company) and added the new certificate (and intermediate) to OS X server, and deleted the old one, then rebooted.
Since that change, every once in a while, we are getting warning messages about a server name mismatch: the error message indicates that the server name doesn't match the DNS name, and shows the correct certificate, along with the REVERSE DNS name of my IP address. The IP address is a Time Warner business account and thus the RDNS doesn't match the DNS.
Basically, it says something like this "The server a.b.c.d.timewaernerbusiness.com may be pretending to be myDomain.com" where a.b.c.d is my actual IP address.
I could tell my users "just trust the mismatch" but that's not good policy : I'd like to fix it.
Additional complexities:
* This is the 3rd time I've updated the certificate. The first time it went smoothly with none of these problems.
* This new certificate is from a different registrar (COMODO instead of Verisign)
* The error only crops up occasionally, and it seems to only happen on the Calendar service.
Any ideas?
I could probably solve this by having Time Warner set up RDNS properly for my IP address - but I never had to do this in the 2+ years prior, so I'm not sure that's the right solution.
Mac mini, OS X Server, OSX 10.9.4 with Server 3.2