Article ID: CTX239736
Description
There are no visible changes to the setup or Vservers after adding the new certificate. The old certificate still works and the Vserver SSL bindings remain intact. However, after a reboot, upgrade, or HA failover, the old certificate is lost and the Vserver bound to that SSL certificate goes Down.
Resolution
- ADC doesn't distinguish the new server certificate from the old one if its name matches the old certificate's name.
- When the old or existing (expired) certificate is updated, it is replaced with the new certificate if it has the same name; however, the old certificate-key pair binding still exists.
- Hence, after a reboot or failover, the existing CertKey binding command fails because the old certificate is no longer present in the 'nsconfig/ssl' folder.
- Always use new and unique certificate names when uploading certificates to ADC.
- This is expected behavior across all ADC versions if the certificate names are the same.
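One way to enforce the unique-name rule before an upload, as an added example (not Citrix code): the script checks a proposed file name against the files in the SSL folder and against the files referenced by `add ssl certKey` lines in a copy of the configuration. The pair name `site_2023`, the file names and the temporary paths are constructed sample values.

```shell
#!/bin/sh
# Added example: pre-upload check for certificate file-name reuse.
# Config path and SSL directory are arguments, so it can run on a saved copy.

# Print "pairName<TAB>file" for every -cert/-key file in "add ssl certKey" lines.
# Limitation: names or paths containing spaces are not handled.
certkey_files() {
    awk 'tolower($1) == "add" && tolower($2) == "ssl" && tolower($3) == "certkey" {
        for (i = 5; i < NF; i++)
            if ($i == "-cert" || $i == "-key") {
                f = $(i + 1); gsub(/"/, "", f); print $4 "\t" f
            }
    }' "$1"
}

# check_cert_name NS_CONF SSL_DIR NEW_FILE
# Returns 0 when NEW_FILE's name is unused, 1 when it would replace a file
# or is still referenced by an existing certKey pair.
check_cert_name() {
    conf=$1; ssl_dir=$2; new=$(basename "$3"); rc=0
    if [ -e "$ssl_dir/$new" ]; then
        echo "COLLISION: $ssl_dir/$new already exists and would be replaced"
        rc=1
    fi
    pairs=$(certkey_files "$conf" |
        awk -F'\t' -v n="$new" '{ b = $2; sub(/.*\//, "", b); if (b == n) print $1 }')
    if [ -n "$pairs" ]; then
        echo "COLLISION: $new is referenced by certKey pair(s):" $pairs
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $new is not in use"
    return "$rc"
}

# Constructed sample data: one existing pair whose files are site.cer/site.key.
sample_dir() {
    d=$(mktemp -d) && mkdir "$d/ssl" && : > "$d/ssl/site.cer" &&
    echo 'add ssl certKey site_2023 -cert site.cer -key site.key' > "$d/ns.conf" &&
    echo "$d"
}

demo=$(sample_dir)
check_cert_name "$demo/ns.conf" "$demo/ssl" site.cer || true   # reused name
check_cert_name "$demo/ns.conf" "$demo/ssl" site_2024.cer      # unique name
rm -rf "$demo"
```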
Problem Cause
The server certificate name was the same for the old and new certificates, so the old certificate was replaced by the new one during upload, but the CertKey binding stayed as it was.