While I was on holiday last week (so I didn't check anything at the time) a customer gateway had the internal CA expire. At that time, the site-to-site VPN to a managed gateway dropped, and remote access clients also had problems connecting.
Apparently, without doing anything (without renewing the internal CA cert) the site-to-site and Remote Access clients started working again after about 40 minutes.
Can anyone explain how this could happen if the internal CA cert was still expired at that point? It hadn't been renewed yet. How could VPN's come back up again?