This relies on a person updating the expiration field accurately and in some cases (automated renewal), often, which will always leave room for error. +1 for automated checking of a certificates currently installed status. This would be more reliable for both manual certificates and catching automated renewals where the automation mechanism has failed.