I also run one more startup script on the main server; it checks the machine on boot. You could exercise an option to have your main server do a reboot to try and resolve issues. This startup script would check to see if the reboot fixed the issue; if not, it would then power off the main server, allowing the backup server's ping to fail, and it will fail over as well.
What it comes down to is how much downtime and how much user warning you want to include. In one scenario, if a protocol failed like AFP but SMB was still working, it would blast a "server reboot in 1 hour" so SMB users can still work. Then the server would send another warning before reboot. In true high availability, the whole process should occur automatically in a matter of seconds or minutes.
Lucas, can you try again? I am not sure how I turned off private messages.
And for the second question:
An SSL certificate is linked to the public domain name, not any internal DNS or IP. You should be able to install the same cert on both servers.
From another post:
"Install the cert on the primary, then export the cert with the private key and install on the failover.
When the primary goes down, the failover will take over, with the same domain name and same certificate."
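A sketch of the boot-time check described in the post above, added here as an example and not the poster's own script: one remedial reboot is attempted, and if the services are still down on the next boot the machine powers itself off so the backup's ping fails. The marker path, the `nc` probe of ports 548 (AFP) and 445 (SMB), and all function names are assumptions.

```shell
#!/bin/sh
# Added example: boot check with one remedial reboot, then power-off.
# Marker path, ports and probe are assumptions, not from the original post.

# The marker must survive a reboot (so not /tmp or /var/run) and be writable
# only by root; otherwise a local user could pre-create it and force a
# power-off on the next failed check.
STATE_FILE="${STATE_FILE:-/var/db/failover-reboot-attempted}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the command that would be run

# Assumed probe: both file-sharing ports must accept a local TCP connection.
services_healthy() {
    nc -z 127.0.0.1 548 >/dev/null 2>&1 &&   # AFP
    nc -z 127.0.0.1 445 >/dev/null 2>&1      # SMB
}

# decide_action MARKER PROBE [ARGS...]  ->  prints healthy | reboot | poweroff
decide_action() {
    state=$1; shift
    if "$@"; then
        rm -f "$state"        # healthy boot clears the reboot marker
        echo healthy
    elif [ -e "$state" ]; then
        echo poweroff         # a reboot was already tried and did not help
    else
        : > "$state"          # record that a reboot is being attempted
        echo reboot
    fi
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "would run: $*"; else "$@"; fi; }

# act ACTION: warn users and reboot, or power off so the backup takes over.
act() {
    case $1 in
        healthy)  return 0 ;;
        reboot)   run shutdown -r +60 "Server reboot in 1 hour" ;;
        poweroff) run shutdown -h now ;;
        *)        echo "unknown action: $1" >&2; return 2 ;;
    esac
}

# Nothing happens unless the script is started with --run (e.g. from a boot job).
if [ "${1:-}" = "--run" ]; then
    act "$(decide_action "$STATE_FILE" services_healthy)"
fi
```

With `DRY_RUN=1` (the default) the script only prints the `shutdown` command it would issue, which makes it safe to rehearse the failover path before enabling it.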