In OpsMan UI Certificates tab, you may see certificates in "Unknown state". This indicates that the OpsMan cannot determine the rotation procedure for the certificate as there is an issue with current certificate. This is specified in the OpsMan doc https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-operations-manager/3-0/tanzu-ops-manager/pcf-interface.html

Tanzu Operations Manager is unable to determine the next step of the rotation. This can mean that the certificate is in a state that generates safety violations when rotated. Contact Broadcom Support and include a support bundle that contains information such as the output of maestro topology.

To resolve the issue contact Broadcom support. This certificate requires a full certificate tree review.