Hello @Jorg Smash ,
Thank you for posting here.
To better understand your question, please confirm the following information at your convenience.
1.Is the issuer "Leona" your internal Windows CA server?
2.Are your certificates （old cert and new cert） all self-signed certificates? If so, how did you generate old cert?
Tip: Self-signed certificate means Leona issues cert to Leona.
3.Does the issue occur on the same client or difference clients?
4.Please confirm to whom are the new and old certificates issued?
5.Based on "Fast forward to today. It has happened again. My Windows system has switched to a new PFX file that was generated last month.", where is this new certificate installed when you find it (Machine store or User store or other location)?
6.What account did you use to log on this Windows client? Leona or other account?
7.Could you import this new certificate into User store as below?
Should you have any question or concern, please feel free to let us know.
If the Answer is helpful, please click "Accept Answer" and upvote it.