If you can share more details about the "disaster recovery" certificates and how they're used in your devices, it's possible those are what you need.
One other question: Are you using a custom root store, or are you doing key pinning? If you're doing key pinning (the term "disaster recovery keys" is commonly used in that context), you may have a path forward.