SSL certificate SAN record validation
I had an incident recently where the SAN records in an SSL certificate were not renewed correctly.
I couldn't see a way to to raise an alarm for that with the current SSL monitor.
I'm thinking something that would raise an alarm if SAN record does not match a string of expected of DNS records.
Perhaps you could consider this as a future enhancement.