• Client auth is failing against koji.stg.fedoraproject.org
• The source might be that /etc/pki/tls/crl.pem is out of date on koji01.stg - it was last updated in September of last year.
• There is a cronjob, /usr/local/bin/updatecrl.sh, that should be updating it. It pulls it from admin.fedoraproject.org/ca/crl.pem
• In stg, that request gets redirected to admin.stg.fedoraproject.org/ca/crl.pem
• That file is out of date.
• There is a cronjob defined in modules*/fas to run "make gencrl".

I can't log in to fas01.stg though to check it out any further than that.