If someone's server was compromised they will have revoked their old certificate and issued a new one. If someone grabbed the old one you will only know it is invalid if you check for revoked certificates. In Chrome you do this under Settings, Advanced Settings, and check the box that says "Check for Certificate Revocation". Note that this is disabled by default. Other browsers will have similar settings somewhere.
Then check your browser is actively doing this at this site