The former person which has registered certificates for the account is not in the team anymore but the certificates which were registered under his apple id still need to be renewed. It was not automatically tranfered to the admin when the admin deleted the person. Also there was no warning. How can the dangling MDM certificates be recovered? Unfortunately there is no support info for Apple Push Certificates Portal itsel.
Apple Push Certificates Portal MDM
Apple always recommends using a generic company apple id for this this very reason (i.e applemdm@companyname.com). That way user access can be transferred from admin to admin if need be and the root mdm cert won't expire.
I believe you are correct that it is working this way, but I don't think it should be. My expectation was that whoever was currently the Agent for our Enterpirse Developer Program would have access to the current push certificates list in the portal. I'm glad I discovered this is not the case before I removed the previous Agent's account. Since allowing a certificate to expire requires re-enrolling after replacing it with a new certificate, this is just a remarkable way to hurt yourself. Especially since there aren't any warnings about this on the portal or member center.