I recently did a certificate signing application in Golang. This was my first Golang application. The app would send CSR over to a server which would sign and respond back with certs. For over a week of debugging realised the server had bugs and was not signing the certificate properly. The bug was very subtle. The bug in third party libraries can be overwhelming for a beginner.
God you're bringing up my own personal PTSD. I also had a problem one time in production where my certificate code wouldn't work, and it was live, and everyone was freaking out.
Anything with security, encryption, passwords, certificates is extra hard, because a lot of times the error messages are just too cryptic (ha!) to get to the root cause. They are trying to not give away anything if possible, which can make even the most trivial errors hard to spot.
