"Revoked" status is incorrect for certificates that are different but share the same descriptive name.
is_cert_revoked() in certs.inc is doing a bogus check on the certificate's descr field to see if the certificate is revoked when the IDs do not match. This leads to a certificate claiming to be revoked if it happens to share the same descr as a revoked certificate, regardless of whether not it is even from the same CA. Due to this, you cannot revoke the second certificate that shares the same descr, as it believes said certificate is already revoked.
It should do a more thorough check comparing the certificate's CA and serial number (ideally) or at least the CA+CN or full subject.
Perform a much more accurate comparison between two certificates to determine if they are identical when checking their revocation status. Fixes #3237