I have come upon a domain that has multiple servers complaining of expired domain certificates. Digging in it appears that there was a root CA server that is gone. There are two subordinate CA s in the domain, which of course are now useless.
It also looks like this issue has been going on for some time. The certificates are months out of date.
I have not been exposed to this situation without a backup of the root server. How does one go about fixing this?