Hello,
The fact that the "ignore-server-auth-failure" option helps you to pas sthe traffic indicates that the possible problem can be with that certificate validation, root CA expiration dates. It would be a good idea to verify the settings once again.
When configuring SSL proxy, you can choose to set the option to receive some or all of the logs. SSL proxy logs contain the logical system name, SSL proxy whitelists, policy information, SSL proxy information, and other information that helps you troubleshoot when there is an error.
You can configure logging of all or specific events, such as error, warning, and information events. You can also configure logging of sessions that are whitelisted, dropped, ignored, or allowed after an error occurs. You can use enable-flow-tracing option to enable debug tracing.
Also outputs for following commands to check the SSL will help.
show services ssl proxy statistics
show security pki local-certificate
Regards
Vatsa