I will occasionally get the frantic “CRM is down” call from clients, and for on premises users, one of the most common reasons is expiring SSL certificates. If you just deploy CRM without claims authentication, when your CRM SSL certificate expires, CRM will still work, but users with receive a certificate error. However, if you deploy claims/IFD, if the certificate expires, the application will not be accessible by users. It will just stop working with no warning.
Administrators, if you don’t have a system for tracking expiration of SSL certificate expiration dates, you should have one. CRM can do that–set yourself a task for a month prior to the certificate expiration.