lighttpd serving up wrong ssl cert
Added by bwmetcalf@gmail.com over 12 years ago
We have several servers running lighttpd-util and configured the same way via puppet. However, lighttpd-util on one server is using a self-signed ssl cert that I have no idea where it's coming from. The relevant part of the config is (edited pathnames for confidentiality reasons just in case):
ssl.engine = "enable"
ssl.pemfile = "/usr/local/etc/ssl/ourpem.pem"
ssl.ca-file = "/usr/local/etc/ssl/DigiCertCA.crt"
ssl.cipher-list = "RC4-MD5"
"mod_accesslog",
accesslog.filename = "/var/log/lighttpd-util/access.log"
The problem host, using openssl, shows a self-signed cert:
Verify return code: 18 (self signed certificate)
but the others are fine:
Verify return code: 0 (ok)
Again, we use puppet to configure these hosts, so as far as I can tell everything is exactly the same. The self-signed cert was definitely signed internally, but where could it be coming from? How could lighttpd-util reference a cert other than what is specified in the config?
How would I troubleshoot this? Is there a way for lighttpd-util to dump where it's reading its cert other than dumping the config with -p -f /path/to/lighttpd-util.conf?
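One way to approach the troubleshooting question above, as an added example that is not part of the original post: compare the SHA-256 fingerprint of the certificate the listener actually presents with the fingerprint of every file named by an ssl.pemfile line, including lines inside conditional blocks. The script name, its argument order and the host:port value are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical usage:
#   sh certcheck.sh host:443 /path/to/lighttpd-util.conf

# Print "line<TAB>context<TAB>path" for every ssl.pemfile assignment in the
# config text on stdin. Context is the innermost enclosing conditional block,
# or "global". Assumes one assignment per line and no braces inside quoted
# strings; include directives are not followed, so run it on each file.
list_pemfiles() {
    awk '
    {
        sub(/^[ \t]+/, "")
        if ($0 ~ /^#/) next
        if ($0 ~ /^ssl\.pemfile[ \t]*=/) {
            path = $0
            sub(/^[^"]*"/, "", path)
            sub(/".*$/, "", path)
            printf "%d\t%s\t%s\n", NR, (depth ? ctx[depth] : "global"), path
        }
        n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (c == "{") {
                ctx[++depth] = substr($0, 1, i - 1)
                gsub(/^[} \t]+|[ \t]+$/, "", ctx[depth])
            } else if (c == "}" && depth > 0) {
                depth--
            }
        }
    }'
}

# SHA-256 fingerprint of the first certificate in a PEM file.
file_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1"
}

# SHA-256 fingerprint of the leaf certificate presented by host:port.
served_fingerprint() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

if [ "$#" -eq 2 ]; then
    echo "served: $(served_fingerprint "$1")"
    list_pemfiles < "$2" | while IFS="$(printf '\t')" read -r line ctx path; do
        echo "line $line [$ctx]: $(file_fingerprint "$path")"
    done
fi
```

If the served fingerprint matches none of the listed files, the certificate is not coming from any ssl.pemfile in that config file, which points toward an included file or a different process answering on that port.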