SAML app metadata imported but app still trusts old signing cert
Scenario
A SaaS app imports new IdP metadata, but continues validating against the prior certificate.
Browser trust warning appears only on mobile devices
Scenario
Desktop browsers trust the site, but mobile users still receive certificate warnings.
ACME renewal works on standby node not active node
Scenario
A clustered or load-balanced service renews properly on one node, but the active node keeps failing ACME challenges.
Code signing certificate installed but build agent cannot use it
Scenario
The certificate is present on the server, but automated builds fail when attempting to sign executables or scripts.
Certificate chain valid on Windows not on macOS
Scenario
A website or appliance appears trusted on Windows but still shows trust errors on macOS devices.
Reverse proxy imports PFX but private key unusable
Scenario
An admin imports a PFX successfully, but the proxy or appliance claims no usable private key is present.
Internal CA template changed and autoenrollment stalls
Scenario
Certificate autoenrollment worked before, but a template change caused renewals or new enrollments to stop.
Wildcard certificate renewed but old cert still served
Scenario
A valid replacement certificate exists, yet clients still receive the expired or previous wildcard certificate.
Certificate auto-renewal failed silently on appliance
Scenario
An appliance certificate expires even though auto-renewal was supposedly enabled.
Browser shows certificate warning on internal appliance
Scenario
An internal firewall, NAS, or switch web UI triggers browser trust warnings for all staff.