Hi Yossi,
open a case referencing this bug - https://tools.cisco.com/bugsearch/bug/CSCut12983
Their engineer will connect to your server and manually remove an expired certificate via their root access toolkit. There is no way you can fix this issue ...