Question
Your public API's TLS leaf certificate is valid for another 60 days, yet starting at 06:00 a large set of clients — mostly older Android devices and some Java/IoT clients — fail to connect with 'unable to find valid certification path' / 'certificate expired,' while modern browsers and curl work fine. Dashboards: error rate from mobile SDK clients spikes; web traffic is normal; your cert's notAfter is two months out. Recent context: nothing changed on your side, but news mentions a widely-used root/intermediate CA certificate reached its end date overnight. How do you triage and mitigate?
Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.