If you have your own CA, you log every certificate with the expiry details. It's easier compared to an external CA because you automatically get the full asset list as long as you care to preserve it.

When I ran my own CA I issued certificates with 99-year expiry dates, and I never worried about them again.