If you did them all at set up, then you willprobably need to look for...
Apple Push Certificate. in Settings / Global Management / Push Certificates. You will need to find the Account details that made the Cert with Apple. Replacing it is easy enough, instructions are provided. You download a copy of a cert from the JAMF, upload to Apple, Then download the new cert from Apple and upload it to JAMF.
You may have a VPP cert from ABM or ASM, You will need a new token for that. in Settings / Global Management / Volume Purchasing.
And finally in Settings / Global Management / PKI Certificates > Management Certificate Template, Download a copy of your CA cert, and open in Text Edit. You should see its expiry date listed, these can vary as to how long they last for, a year to years, depending on how it was set up. Also Same place for any External CA certs too. I have not replaced either of these, our network team are on the case there, and they do it for me whenever it needs doing.
I think that is all of them. The Apple Push Cert - Never let it expire before you put a new one in place. That will be a bad day at work if you let that happen (The fix is to re-enroll everything). The Apple certs only last for one year, so you will need to be replacing it at 364 days or sooner, which means setting a reminder in time earlier each year.
If I missed any I am pretty sure someone will jump in and let you know.
