Following up the idea https://jira.hyperledger.org/browse/FAB-17000
Checking the logs could be quite annoying and error-prone, so it would be really helpful to have metrics with "Not After" value for all used certificates. These metrics can be implemented for the orderer, peer and ca as well. I would suggest that metrics are created for any unique used certificate, regardless of its type - tls, identity, ca, etc.
This approach might be quite redundant, but reliable and configurable.