check-certificates: make the warning time configurable

check-certificates

@@ -13,6 +13,7 @@
 :global CertRenewPass;
 :global CertRenewTime;
 :global CertRenewUrl;
+:global CertWarnTime;
 :global Identity;
 
 :global CertificateAvailable
@@ -103,7 +104,8 @@ $WaitFullyConnected;
   }
 }
 
-:foreach Cert in=[ /certificate/find where !revoked !scep-url !(expires-after=[]) expires-after<2w !(fingerprint=[]) ] do={
+:foreach Cert in=[ /certificate/find where !revoked !scep-url !(expires-after=[]) \
+                   expires-after<$CertWarnTime !(fingerprint=[]) ] do={
   :local CertVal [ /certificate/get $Cert ];
 
   :if ([ :len [ /certificate/scep-server/find where ca-cert=($CertVal->"ca") ] ] > 0) do={