Expired certificate in NSX cannot be deleted as it is used by a node with unknown UUID.



Article ID: 407268


Updated On:

Products

VMware NSX

Issue/Introduction

  • There are one or more expired CA-signed certificates with a "Used by" count higher than 0.
  • Attempts to delete the certificate are unsuccessful because the certificate is linked to a specific node UUID.
  • Searching for this UUID in NSX search returns no results.
  • This node UUID does not correspond to the UUID of any current NSX Manager.
  • NSX Manager may have been re-deployed in the past.

Environment

  • VMware NSX
  • VMware NSX-T Data Center

Resolution

For a CA-signed certificate, please open a support case with Broadcom Support and refer to this KB article to have the certificate detached.
For more information, see Creating and managing Broadcom support cases.

If this is a self-signed certificate, please use the Certificate Analyzer, Results and Recovery script to detect and remove certificates attached to stale/non-existing node UUIDs.