The system is also generally fragile-by-design because it doesn't degrade safely.
If the moment the cert expires the whole security story is supposed to fail, where is the side-channel to emit warnings a month before the cert will fail in the protocol?