Certificates Troubleshooting

MSP Toolkit
Minimal guidance for messy support realities.
Security & Continuity

Certificates Troubleshooting

Browse issue-specific guidance for Certificates.

  1. ACME challenge path accessible publicly but renewal validation still fails
  2. ACME renewal works on standby node not active node
  3. Browser shows certificate warning on internal appliance
  4. Browser trust warning appears only on mobile devices
  5. Certificate auto-renewal failed silently on appliance
  6. Certificate chain valid on Windows not on macOS
  7. Certificate private key present on server but export option unavailable
  8. Certificate revocation check slows VPN login from remote regions
  9. Certificates alerts indicate success while end-user experience never changes
  10. Certificates configuration survives testing but resets after restart or sync
  11. Certificates credential or certificate rotation breaks an existing integration
  12. Certificates feature works in web app but fails in desktop client
  13. Certificates healthy dashboard status masks a failing production workflow
  14. Certificates logging shows delivery yet the target workflow never completes
  15. Certificates new deployment works for pilot group but not for production rollout
  16. Certificates policy change applies in admin console but target users never receive it
  17. Certificates quarantine or protection action triggers but recovery workflow fails
  18. Certificates workflow succeeds for one account but fails for shared or delegated access
  19. Code signing certificate installed but build agent cannot use it
  20. Code signing certificate installed but signing pipeline cannot locate thumbprint
  21. CSR generated with wrong SAN list for customer portal migration
  22. Internal CA template changed and autoenrollment stalls
  23. Internal PKI issues certificate correctly yet auto-enrollment ignores new template
  24. Let’s Encrypt renewal succeeds but web service never reloads new certificate
  25. RADIUS certificate valid in store but NPS still presents old chain
  26. Reverse proxy imports PFX but private key unusable
  27. SAML app metadata imported but app still trusts old signing cert
  28. TLS inspection appliance resigns traffic with untrusted root on kiosks
  29. Wildcard certificate renewed but old cert still served
  30. Wildcard certificate renewed but one subdomain continues serving expired cert