Detect expiration of TLS certificates in advance on mirrors
TLS certification expiration is a quite frequent failure on our mirror pool: 8 times in the past 12 months.
Contrary to networking issue, it can be detected in advance.
For example, we could have check-mirrors warn us then the certificate of a mirror is due to expire in 10 days or so.
I couldn't find about the renewal policy of Let's Encrypt but we could use their default delay before renewal as a minimum value and send a warning if certificate get below this threshold.