I recently troubleshooted an issue wherein our Wireless LAN Controller was dropping access point connections. A quick look at the syslog of the WLC revealed the culprit:
*osapiBsnTimer: Jan 14 11:41:09.582: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3214 Failed to complete DTLS handshake with peer 192.168.80.23
This is the error that fills up the log when the Wireless Access Point certificate has expired.

There are two types of WLC AP certificate:
SSC – Self Signed Certificate
MIC – Manufacturer Installed Certificate

This issue occurs when the certifcates installed on the APs at time of manufacture expire. 10 years is the expiry and any AP converted from autonomous to lightweight had an expiry of 1/1/2020. Which makes sense as to why we are seeing this now!

The fix is simple:
1. SSH into the WLC
2. run the following command:
config ap lifetime-check {mic|ssc} enable
config ap lifetime-check mic enable
config ap lifetime-check ssc enable
save config

We had a mix of both SSC and MIC access points so I had to run both commands to ignore the certificates. Once complete the WAPs will re-connect to the controller.