15.x and higher
When renewing a certificate issued by a Microsoft Certificate Authority, the certificate workflow stops at stage 600 with the error "Error approving Certificate request with CA CADN for CERTDN. Return Code: -2146885613, Error: -2146885613".
If the MSCA is unable to fetch current revocation information, it will not process certificate approval API requests. One possible cause for this is if the CRLs that are included in the CRL Distribution Point extensions in the CA intermediate certificates are expired.
If the CRL is expired, publish a new CRL from the MSCA and copy it to the webserver directory where the CRL DP extension is served from.