Certificates are usually issued back-dated by one hour. Most clients on the Internet are correct +/- 60 minutes, because of a mixture of small timezone errors, daylight saving being wrongly observed / not observed / not updated and similar. It is rare for clients to have the wrong date.
Back dating with a technical rationale (e.g. to work around crap clocks and historically as a way to hide more entropy near the start of the signed certificate) is accepted in the Web PKI, it is only forbidden to use back dating to try to dodge Baseline Requirements, for example back dating to avoid the restriction on SHA-1 after 2015 was prohibited and is one of the things StartCom / WoSign were caught doing.
Back dating with a technical rationale (e.g. to work around crap clocks and historically as a way to hide more entropy near the start of the signed certificate) is accepted in the Web PKI, it is only forbidden to use back dating to try to dodge Baseline Requirements, for example back dating to avoid the restriction on SHA-1 after 2015 was prohibited and is one of the things StartCom / WoSign were caught doing.