Starting late last night and continuing into this morning, we were notified of errors on some of our clients' sites; users were getting a "Transaction has been declined" message.
It appeared that Authorize.net's CA cert wasn't being reported as valid.
Last night Authorize.net installed new SSL certificates on their servers. Complicating things, they appear to have installed this new cert on only about 80% of their servers. So some requests from us were succeeding and others were not.
The root certificate for these new certs is not part of the default bundle of root certificates installed on our current version of Ubuntu.
Using the openssl CLI tools, our sysadmins identified the missing root certificate, downloaded it from Entrust, and added it to the root certificate list on our servers.
We're hoping this information helps others who are experiencing these same problems today! (And now, back to our regularly-scheduled lazy Sunday.)