System logs report "Failed to renew device certificate. Application Error occurred"

Created On 12/23/22 20:54 PM - Last Modified 10/20/23 02:33 AM


Symptom


Failed to renew device certificate. Application Error occurred. Please contact support!
  • device_certgen.log (tail follow yes mp-log device_certgen.log) reports a similar error:
device_certgen INFO Generated pkey and CSR
device_certgen ERROR Certificate fetch request failed : Application Error occurred. Please contact support!


Environment


  • Palo Alto Firewalls or Panorama
  • Supported PAN-OS
  • Device Certificate


Resolution


  1. Manually fetch the certificate from the CLI with the command "request certificate fetch".
  2. If the manual fetch fails, install the certificate again:
    1. Log in to the Customer Support Portal.
    2. Select Products > Device Certificates.
    3. Click on "Generate OTP".
    4. For the Device Type, select Generate OTP for Next-Gen Firewalls.
    5. Select your PAN-OS Device serial number.
    6. Generate OTP and copy the OTP.
    7. Log in to your next-generation firewall as an admin user.
    8. Select Device > Setup > Management > Device Certificate and click Get certificate.
    9. Paste the One-time Password you generated and click OK.
    10. Your next-generation firewall successfully retrieves and installs the certificate.

