From this post: Pamac fails to synchronise due unacceptable TLS certificate - #34 by philm I see that they are using some kind of monitoring already 
The problem is that an automatic renewal is not as trivial as running certbot renew once every few days.