Kontrola is a a script that uses nmap to sweep a subnet looking for ports with SSL certs, then querying those certs to discover upcoming expiration dates. Besides discovery, it can also do more traditional tracking using a host based file that you provide
You can read more about this here
It is a way to take the guesswork of when certificates expire as its hard to track sometimes in large companies this can be done for external certificates as well as internal ones.
However it is more about getting the reports in a friendly report that everyone can read like this:
First you need to install it, I like Kali Linux, but choose your own poison there, once at the shell you need to run this to install it:
git clone https://github.com/philcryer/kontrola.git
cd kontrola
Once install, edit the domains.txt file, adding domains you want be checked, then run the script. simple.
./kontrola
discovery="yes" discovery_subnet="10.10.0.0/32" ./kontrola
Obviously substitute the subet range for the range you want it to scan.
Reports are outputted to the /html folder.