diff --git a/cm.sh b/cm.sh
index 8583fc81eaaf252ff6df22bae99ec9a94898a906..94821ac263579bb246febd807b2efa55e97b931e 100755
--- a/cm.sh
+++ b/cm.sh
@@ -28,6 +28,7 @@
 # 2022-03-30  <axel.hahn@iml.unibe.ch>  remove usage of csr and generation of key file
 # 2022-03-31  <axel.hahn@iml.unibe.ch>  dns authentication with alias domain
 # 2022-04-04  <axel.hahn@iml.unibe.ch>  Bugfix: copy key from csr folder to ~/.acme/
+# 2022-04-04  <axel.hahn@iml.unibe.ch>  added param "list-old"
 # ======================================================================
 
 
@@ -508,6 +509,45 @@ function public_delete(){
 # 
 function public_list(){
 	_listCerts
+
+}
+#
+# public function; list old / outdated certificates
+# 
+function public_list-old(){
+
+	local _iRuntime=90
+	local _iWarn=65
+	typeset -i local _rc=0
+
+	cd "${CM_dircerts}"  || exit 1
+
+	echo
+	echo "Cert dir is $( pwd )"
+	echo
+	echo "---- Certificates expiring soon - with age $_iWarn ... $_iRuntime days:"
+	if find -type d -mtime +$_iWarn -mtime -$_iRuntime | grep . >/dev/null
+	then
+		find -type d -mtime +$_iWarn -mtime -$_iRuntime  -exec ls -ld {} \; | nl
+		_rc=1
+	else 
+		echo "     NONE."
+	fi
+	echo
+	echo "---- Certificate list ... older $_iRuntime days:"
+	if find -type d -mtime +$_iRuntime | grep . >/dev/null
+	then
+		find -type d -mtime +$_iRuntime -exec ls -ld {} \; | nl
+		_rc=2
+	else
+		echo "     NONE."
+	fi
+
+	echo	
+	cd - >/dev/null
+
+	_wd "Exiting with rc=$_rc"
+	exit $_rc
 }
 
 #
@@ -788,6 +828,13 @@ ACTIONs for ALL certs
         list
                 list all certificates including creation and renew date
 
+        list-old
+                list all certificates older 65 and older 90 days and exit.
+				Exitcodes:
+				  0 - all certs are up to date.
+				  1 - certificates to renew were found
+				  2 - outdatedt certificates were found
+
         renew-all
                 renew all certificates (fast mode - without --force)
                 and update files in ${CM_diracme}
diff --git a/docs/30_Usage.md b/docs/30_Usage.md
index e2cd95a4872c76e0ca18c81f374acc7b527d1ce2..716e49d589505d2e9376a3485e458855423f9296 100644
--- a/docs/30_Usage.md
+++ b/docs/30_Usage.md
@@ -21,6 +21,7 @@ _______________________________________________________________________________
 DEBUG: Using Let's Encrypt STAGE environment ...
 DEBUG: You can test and mess around. Do not use certs in production.
 
+
 HELP
 
 The basic syntax is
@@ -67,6 +68,13 @@ ACTIONs for ALL certs
         list
                 list all certificates including creation and renew date
 
+        list-old
+                list all certificates older 65 and older 90 days and exit.
+                Exitcodes:
+                  0 - all certs are up to date.
+                  1 - certificates to renew were found
+                  2 - outdatedt certificates were found
+
         renew-all
                 renew all certificates (fast mode - without --force)
                 and update files in ./certs
@@ -83,6 +91,7 @@ OPTIONS
                 the output additionally will be written into a tracelog file 
                 below ./log.
 
+
 DEBUG: Using Let's Encrypt STAGE environment ...
 DEBUG: You can test and mess around. Do not use certs in production.