KEPServer Certificate Expired

I have a KEPServer connected to Ignition that has a fault that says the certificate has expired or is not yet valid. This connection has been running for as long as I have been here with no issues, and based on the expiration date on the certificate in Ignition, it shouldn't expire for another year. Any help would be great!

Error Code
UaException: status=Bad_CertificateTimeInvalid, message=The Certificate has expired or is not yet valid.
at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.onError(UascClientAcknowledgeHandler.java:258)
at org.eclipse.milo.opcua.stack.client.transport.uasc.UascClientAcknowledgeHandler.decode(UascClientAcknowledgeHandler.java:167)
at io.netty.handler.codec.ByteToMessageCodec$1.decode(ByteToMessageCodec.java:42)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:510)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:449)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:279)
at io.netty.handler.codec.ByteToMessageCodec.channelRead(ByteToMessageCodec.java:103)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:995)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at java.base/java.lang.Thread.run(Unknown Source)

8.1.23 (b2022121308)
Azul Systems, Inc. 11.0.16.1

Is Kepware's clock off by a year? Is Kepware's own certificate expired?

In addition to Phil's questions - are you sure you're looking at the right certificate? There is both an OPC UA client certificate and a server certificate.

All the time stamps in KEPServer logs show the correct date and time. Kepware is running on the same server as my gateway. To be honest, I don't know if the certificate is expired in Kepware; all I know is that I can monitor live values in the Kepware software. Unfortunately, the person who set it up is no longer with the company, so I have no admin access to Kepware to view licenses and configuration. I have a ticket in with Kepware for support.

The only certificate I see in Ignition for KEPServer is for a client connection that has an expiration date of Mar 3, 2024.

Thanks to Kevin for pointing out the dual certificates. On my dev environment, under Config --> OPC UA --> Security --> Server tab, my "Ignition OPC UA Client" cert was expired. I regenerated it and then trusted the new cert on the Kepware "OPC UA Configuration Manager" --> "Trusted Clients" tab.
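Bad_CertificateTimeInvalid covers both "expired" and "not yet valid", and the thread shows there are two certificates to check. The following is an added example, not code from the thread or from Ignition or Kepware: a standard-library Python check that reads notBefore/notAfter from a DER-encoded certificate and classifies it against a given clock. The function names, the sample dates and the unsigned skeleton certificates built by `sample_cert` are constructed for illustration; with real exported `.der` files you would pass their bytes instead.

```python
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Decode one DER element at pos: return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length: low bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    text = raw.decode("ascii")
    if tag == 0x17:                            # UTCTime: apply RFC 5280 century rule
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity_window(der):
    """Return (notBefore, notAfter) from a DER-encoded X.509 certificate."""
    _, pos, _ = _tlv(der, 0)                   # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)                 # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)               # [0] version, or serialNumber (v1)
    if tag == 0xA0:
        _, _, end = _tlv(der, end)             # serialNumber
    for _i in range(2):                        # skip signature algorithm, issuer
        _, _, end = _tlv(der, end)
    _, pos, _ = _tlv(der, end)                 # validity SEQUENCE
    t1, s1, e1 = _tlv(der, pos)
    t2, s2, e2 = _tlv(der, e1)
    return _time(t1, der[s1:e1]), _time(t2, der[s2:e2])

def time_status(der, now):
    not_before, not_after = validity_window(der)
    if now < not_before:
        return "not yet valid"
    if now > not_after:
        return "expired"
    return "valid"

def sample_cert(not_before, not_after):        # constructed, unsigned skeleton
    enc = lambda tag, body: bytes([tag, len(body)]) + body   # short-form lengths only
    validity = enc(0x30, enc(0x17, not_before) + enc(0x17, not_after))
    tbs = enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30, b"") * 2 + validity
    return enc(0x30, enc(0x30, tbs))

if __name__ == "__main__":
    now = datetime(2023, 3, 10, tzinfo=timezone.utc)         # constructed clock value
    certs = {"client": sample_cert(b"180101000000Z", b"230101000000Z"),
             "server": sample_cert(b"210303000000Z", b"240303000000Z")}
    for name, der in certs.items():
        print(name, time_status(der, now), validity_window(der)[1])
```

Running the same check over every certificate on both sides of the connection shows which one is outside its validity window, rather than relying on the single certificate visible in one UI.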