I am trying to understand the behavior of autorenewal of computer certificate. The "computer" certificate based on V1 template is distributed to domain computers via ACR (automatic certificate request) in a GPO. Upon observation, computer gets this certificate installed when it joins the domain. According to documentations, the computer certificate distributed via ACR should be able to renew automatically. However, I noticed that on quite many machines this certificate had expired - some expired over a year. My questions are: 1. when a machine hits renew interval (< 6 weeks) does the renew automatically occur, or it needs a machine reboot to get the certificate renewed? 2. if the renewal needs a reboot and a machine does not get a chance to reboot untill this certificate expired, will a reboot at this point of time gets the certificate renewed, or gets a new certificte, or nothing happens? 3. What else can cause this computer certificate not renewed automatically? Thanks.