feat: Log warnings for duplicate certificates per protocol

Co-authored-by: aider (gemini/gemini-2.5-pro) <aider@aider.chat>

main.py

@@ -23,7 +23,7 @@ except FileNotFoundError:
 def alert_tanner(msg):
     pass
 
-async def check_host_cert(host, port):
+async def check_host_cert(host, port, seen_serials):
     "check a single host's cert"
     try:
         # default context does hostname checking and certificate validation
@@ -43,6 +43,13 @@ async def check_host_cert(host, port):
             alert_tanner(msg)
             return
 
+        serial_number = cert.get('serialNumber')
+        if serial_number:
+            if serial_number in seen_serials:
+                logging.warning(f"Duplicate certificate with serial number {serial_number} found for host {host}:{port}")
+            else:
+                seen_serials.add(serial_number)
+
         expiry_date_str = cert['notAfter']
         expiry_date = datetime.strptime(expiry_date_str, '%b %d %H:%M:%S %Y %Z')
 
@@ -74,13 +81,14 @@ async def check_host_cert(host, port):
 
 
 async def main():
+    seen_serials = {proto: set() for proto in HOSTS}
     tasks = []
     for host in HOSTS['http']:
-        tasks.append(check_host_cert(host, 443))
+        tasks.append(check_host_cert(host, 443, seen_serials['http']))
 
     for host in HOSTS['mqtt']:
         # standard port for MQTTS is 8883
-        tasks.append(check_host_cert(host, 8883))
+        tasks.append(check_host_cert(host, 8883, seen_serials['mqtt']))
 
     await asyncio.gather(*tasks)