Push Notification cert server broken for (old) MacOS Server?

We maintained group calendars on MacOS Server until Apple removed the functionality in High Sierra. So instead, we dedicated an old surplus Mini to run MacOS Server on Sierra and continue serving just our calendars.


This worked fine until recently. The Apple Push Notification certificates need to be renewed every year, usually just a couple of clicks. But when I tried it on Friday, I got "An unexpected error (-80010) has occurred." I let it sit for a few days in case it was a temporary server outage, but it persists. I fear that perhaps Apple has decommissioned the servers that hand out the certificates. Has anyone else encountered this?

Mac mini, macOS 10.12

Posted on Dec 23, 2024 10:28 AM

Question marked as Top-ranking reply

Posted on Dec 29, 2024 9:19 AM

A subsequent communication from Apple crushes my hopes for remediation:


Following our call, I reached out to a member of our engineering team for further insight into the macOS Profile Manager email notifications you’re receiving. After discussing the matter with him, I learned that macOS Profile Manager will no longer be supported by Apple moving forward. 

As a result, to continue managing your devices in the same manner, you will need to consider an alternative Mobile Device Management (MDM) solution from a third-party provider or from Apple known as Apple Business Essentials. There are several MDM solutions available, and I recommend evaluating key aspects such as hosting options and pricing to determine which is the best fit for your organization.

For guidance on selecting an MDM solution, I recommend reviewing the following resources:
Apple Platform Deployment User Guide

Introduction to Planning Your MDM Migration


While my team in Deployment Programs Support typically assists with Apple Business Manager account administration, I believe the best team to assist you further with this issue is Apple Business Support. You can reach them at 866-902-7144, Monday through Friday, from 8:00 a.m. to 8:00 p.m. CDT.


My response was:


This mission is creeping in a direction I really don't wish to explore. 

All I want to do is establish some simple shared calendars for my family on some server that isn't public. I should think something this simple would be possible without the necessity to forge an authoritarian empire controlling every iDevice owned by my family. 

If legacy support for Mac OS Server has degraded to a point where Apple can no longer provide this service, I'll just have to add a calendar server to our existing Linux web host machine. I'd like to do this within Apple offerings, but I can't afford to take on a new administrative nightmare that exceeds the benefit obtained.


Now my effort is currently stymied by the new Linux-based calendars being perfectly accessible by every Apple device in my family except one crucial MB Air that is maxed-out at Monterey.


I miss the days when Apple stuff "just worked."

16 replies

Dec 28, 2024 4:15 PM in response to macswe

Hi,

Just want to let you know... I have the same issue, "error -80010", on two macOS servers - one at version 5.12.2 and one even older (version for High Sierra). But in our case our push certificates will expire on the 2nd of January 2025, i.e. in less than 14 days, so I should go through now... And I also did not see an option to renew the certificate on the web (identity.apple.com); I see there only the option to "revoke" a certificate or create a new one... So I am worried that waiting won't help :/ (unless there is some other unusual hidden catch - like that certificates for 2025 can't be renewed in 2024, or certificates can't be renewed before expiration, so their "14 days" are meant "after expiration")


Dec 24, 2024 2:43 PM in response to macswe

Worked with a pair of extremely competent pros at Apple's push-certificate group (an actual public phone number), who advised me that the certificates aren't really "ready" for renewal until about two weeks prior, despite OS Server's nag message that gets sent a month prior; and that they can be renewed on the web at identity.apple.com if the Server isn't cooperating. So I'm waiting out the two weeks before trying again.


Jan 7, 2025 9:06 PM in response to macswe

Yes, I encountered it just today. My systems are also running Sierra...


Apple is killing its older products off, and with it my loyalty to the platform which spans decades, and the company which goes all the way back to the Apple II.


I loved how easy the Server.app was to use. "Business Essentials" is a subscription - I HATE SUBSCRIPTIONS.


If I need a cobbled together solution for my mix of old and newer hardware, I might as well sell all that Apple Stock I own and try something totally different.


:(



Jan 8, 2025 3:20 AM in response to macswe

I discovered our commercial SOHO server VM, running cPanel on AlmaLinux, already had CalDAV capability installed as part of cPanel. It wasn't difficult to migrate the data and create new calendar accounts for the family. The problematic Monterey-capped 2018 MBA was replaced with a refurb M3 MBA because it was time anyway.


The only differences I can see are the loss of the "Private" checkbox option on events, and no push notifications (we have to run timed polling instead). Ironically, we could probably have achieved the same results just letting the MacOS Server push certificates expire and running timed polling on the existing system instead... but it's powered down now and that's a smaller electric bill and maintenance headache for me.


RIP, Apple Server.


Feb 8, 2025 3:39 PM in response to Daniel O'Leary

There are five separate certificates involved that have been discontinued:


  • apns:com.apple.alerts
  • apns:com.apple.calendar
  • apns:com.apple.contact
  • apns:com.apple.mail
  • apns:com.apple.mgmt


But there are other OS Server services that use certificates, such as Web Server. You can get those certificates from anywhere you want (I've been using Let's Encrypt for years, which is an entirely manual system, but not overly burdensome at four times annually). I looked into doing the same for the push certificates, but the stock capabilities of OS Server don't allow you to "import" those as you can its identity (web) certificate, they only allow you to reorder them annually from Apple's central server (which is now dead).


I didn't even try to hack a third-party certificate into the calendar slot, for fear of wasting a lot of effort only to find that our Apple laptops and phones refused to honor the new non-Apple certificate for some abstruse reason.



Feb 27, 2025 4:27 PM in response to macswe

A reference I found extremely helpful is by Brent Kearney

The final reminder about updating the keychain "certificate preferences" items identified the fact that there are two others for the MacOSX RootCA & IntCA (IntermediateCA_<host>_1) certificates.


There was some LE automation developed for a number of old systems by LE's gctwnl

https://community.letsencrypt.org/t/definitive-version-of-script-to-act-as-deploy-hook-on-macos-server-high-sierra/87305


For those moving away from OSX server - from the depths of my link collection Charles Edge wrote some amazing stuff (His domain was having some issues when I wrote this, so I've included the Wayback link)

Given I've used his site for years, a quick plug :> his books are here:

https://www.amazon.com/stores/Charles-S.-Edge/author/B001JPC32I


For reference - I received the -80010 errors this month, so I'm regretfully turning this off and turning to polling. Using a non-MFA password to renew didn't work either.


Feb 27, 2025 5:02 PM in response to JPV9

A reference I found extremely helpful is by Brent Kearney

The final reminder about updating the keychain "certificate preferences" items identified the fact that there are two others for the MacOSX RootCA & IntCA (IntermediateCA_<host>_1) certificates.


There was some LE automation developed for a number of old systems by LE's gctwnl

https://community.letsencrypt.org/t/definitive-version-of-script-to-act-as-deploy-hook-on-macos-server-high-sierra/87305


For those moving away from OSX server - from the depths of my link collection Charles Edge (RIP 2024) wrote some amazing stuff, so I've included the Wayback link.

Given I've used his site for years, and to say thank you to his family, please consider buying one of his books here:

https://www.amazon.com/stores/Charles-S.-Edge/author/B001JPC32I


For reference - I received the -80010 errors this month, so I'm regretfully turning this off and turning to polling. Using a non-MFA password to renew didn't work either.


Feb 8, 2025 2:55 PM in response to Daniel O'Leary

Don't bother to keep trying to renew your old OS Server push certificates. Apple's issuing server is dead, dead, dead.


Your best choices are to migrate to a public shared calendar server like Google, Yahoo, AOL, etc., if you aren't paranoid about your data security; or to a private cloud server if you are. Or, you can try continuing to run OS Server with no push option, only timed polling (I never tried that).


I found the "migration option" packages for maintaining your calendar service on Apple HW, suggested by Apple back in High Sierra when they removed CalDAV from OS Server, to be baroque and unsupportable back in that same time frame. I can't personally recommend any one of them.


Feb 8, 2025 3:13 PM in response to macswe

That is sad but expected news. It is a shame we cannot hack our server software to point to a different CA, and obtain new certificates that way. I believe that calendar server is not the only service affected by this, it will affect every service that uses the certificate mechanism, right?


Feb 8, 2025 3:27 PM in response to macswe

macOS Server has been ☠️ for a while. Paths out include NextCloud or alternative hosted locally, or services hosted on a Synology NAS or equivalent box, or hosted services where that’s appropriate.


For those macOS Server installs I’ve been dealing with, I’ve been incrementally migrating services off macOS Server to Synology including Time Machine server for backups, with some other services such as the VPN server and DHCP being hosted else-network such as in the network’s gateway box.


https://www.servethehome.com/apple-macos-server-formally-discontinued/


https://github.com/enzo-zsh/awesome-macos-server/


https://www.synology.com/en-us/dsm/packages


PS: mail server polling was working fine on macOS mail server, when last I was depending on mail hosted on that.


Feb 8, 2025 3:49 PM in response to MrHoffman

"incrementally migrating services off macOS Server to Synology including Time Machine server for backups"


As it turns out, I found Apple's own Time Machine migration path for local multi-device backups to be perfectly elegant and adequate -- just establish a shared-volume backup storage repository (drive) on a non-mobile, always-on machine in your facility, point your backups there, and forget them. They essentially moved all the old OS Server logic into the main OS itself. Do I assume you are doing essentially the same thing using the stock Apple software and just using Synology NAS as an autonomous server repository?
