the one you provided 1 option, otehr one make a central database and make it process.
get all Certificate information based on the device and add to some DB or EXCEL - write a any scripting keep checking that data and alerts group email by 90days of expirty / 60days of expirty / 30days of expirty, this give enough time for admin to take action and renew.
When renew add new updated date on excel or DB.