Great script, didn't notice it before. Just a minor update: found out that wildcard certs are not supported.
Made a small change to the code.
Change the following code:
MAILSAN="DNS:mail.$DOMAIN";
if ! `openssl x509 -noout -text -in $CRT | grep -q $MAILSAN`; then
echo "The...