Detail
When a certificate has been refreshed, Aerospike server will load the new certificate automatically for new connections.But this would not be the case for other services like Aerospike Prometheus Exporter, or XDR Proxy.
One should pay attention to the origin IP address of the error message and check if coming from localhost:
SSL_accept with 127.0.0.1:34094 failed: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Answer
In the above example the certificate expired error is coming from a client with localhost IP address: 127.0.0.1The most likely culprit is that the certificate files may have changed and were not reloaded automatically.
Check the client in question and determine if a restart is needed for that service.