NSX 4.1.x
NSX 4.1 introduced Envoy for reverse-proxy. As part of these changes certificate expiry validation had an implementation issue. The impact of this issue may typically be observed post upgrade to NSX 4.2.x when the certificate expiry is correctly implemented and connections may no longer work.
This issue is resolved in VMware NSX 4.2.0 available at Broadcom Downloads.
If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.