Seeing how people are worried about third parties issuing certificates, I encourage using a tool to monitor CT Logs. It really makes the fog of war disappear around your certificates.

https://crt.sh for point in time checks, https://sslboard.com for comprehensive oversight (disclosure: I'm the founder)