I should probably mention that someone else took a look at my page and gets the correct cert, it's just me having the problem.

If you are using the new host name, I don't understand why Firefox would receive a certificate for the old host name. If you try a private window, does that make any difference? A private window bypasses the regular browser cache was well as cookies.

@jscher2000 I also don't understand and that's a great idea! Unfortunately it made no difference. Problem remains even in private window.

Is your cert db in firefox still containing the old cert? was the old or new cert a wildcard or even on a common ip, i.e on a amazon VPS where you push content to the amazon provided IP, however the content resides on a locally managed server?

cert db in firefox... I was thinking there had to be such a thing.... where do I find it? How do I edit it to remove the old cert?

I'm not sure how to answer your question about a common IP. I'm not using Amazon, just a normal VPS provider. No wild cards.

So how's this for strange and obscure but true solutions? I had an ipv6 DNS record defining the domain IP address as ::1. Deleting that record resolved the certificate problem, I now see the current cert. Thanks for everything!

Thanks for reporting back. I haven't learned anything about IPv6 DNS records, so definitely would never have thought of that.