Maybe there is a reason I am unaware of as to why you don't do this, but would it be possible to have the expired certificates auto-deleted?
I see this being especially useful for those using Lets Encrypt certs that are autogenerated by opalstack.
Note: I'm just a bit of a clean freak 😛