The CA/Browser Forum voted to cut TLS certificate lifespans down to 47 days by 2029, with shorter limits already rolling in before that.

Certbot + Let's Encrypt is the obvious answer for automation, but that still leaves a blind spot — you don't always know when a renewal silently fails until a client is already down.

For those of you managing infrastructure across multiple domains or clients: how are you actually staying on top of this? Is there a tool that gives you a proper overview, or have you cobbled something together yourself?

Asking because I'm validating whether this is a problem worth solving properly. Would love to hear how people are handling it today.

EDIT: Thanks for the info, guys. I wasn't aware of enough tools for this, I guess.