While internet CERTs may be more actively managed, there is need to ensure EVERY digital certificate on network is active & set with maximum security controls — and most importantly properly RENEWED in advance of the expiration date (including testing each renewal)

https://redmondmag.com/articles/2020/02/14/it-inadequacies-key-and-cert-mgmt.aspx

Mismanaged security certificates have resulted in “unplanned downtime and outages,” per 73 percent of respondents in a recently published Ponemon Institute study, * which polled IT security personnel.   The February study, called “The Impact of Unsecured Digital Identities,” was sponsored by Keyfactor. The sampling time period for the survey wasn’t disclosed.  Over half (55 percent) of the respondents indicated that their organizations had undergone “four or more certificate-related outages” in the past two years.