Hi @Salam ELIAS ,
For setting up the Server Template, you can follow and configure the settings as per this article: certificate-autoenrollment-in-windows-server-2016-part-2.aspx. Validity can be set as per your requirement.
However, as per the requirement, the autoenrollment process is normally triggered by the Winlogon process, and is designed to be activated and managed by a domain-based Group Policy. Both machine-based and user-based Group Policy can activate autoenrollment for machines and users.
By default, the Group Policy is applied at reboot for machines, or at logon for users, and is refreshed every eight hours. The refresh interval can be configured using Group Policy. Autoenrollment is also triggered by an internal timer that activates every eight hours after the last time autoenrollment was activated.
For alerts, you will have to use SCOM or SolarWinds to alert for the renewal process for notifications to the administrator.
Hope this helps.
JS
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
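
The following is an added example, not part of the answer above: a PowerShell check that lists machine certificates nearing expiry and asks the autoenrollment client to run immediately rather than waiting for the next Group Policy refresh or the eight-hour timer. The 30-day threshold, the store path and the use of a non-zero exit code as the alert signal are assumptions; a monitoring tool would be configured to act on that exit code.

```powershell
# Added example: report machine certificates close to expiry so a scheduler
# or monitoring agent can alert on them. Threshold and store are assumptions.
param(
    [int]$WarnDays = 30,                          # assumed alert threshold
    [string]$StorePath = 'Cert:\LocalMachine\My'  # assumed store to inspect
)

# OID of the "Certificate Template Information" extension that
# template-based (autoenrolled) certificates carry.
$TemplateOid = '1.3.6.1.4.1.311.21.7'
$now    = Get-Date
$cutoff = $now.AddDays($WarnDays)

$expiring = Get-ChildItem -Path $StorePath |
    Where-Object { $_.NotAfter -le $cutoff } |
    ForEach-Object {
        $ext = $_.Extensions | Where-Object { $_.Oid.Value -eq $TemplateOid }
        [pscustomobject]@{
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            # Negative values mean the certificate has already expired.
            DaysLeft   = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
            Template   = if ($ext) { $ext.Format($false) } else { '(no template extension)' }
        }
    }

if ($expiring) {
    $expiring | Sort-Object NotAfter | Format-Table -AutoSize
    # Trigger autoenrollment now instead of waiting for the next refresh.
    certutil.exe -pulse | Out-Null
    exit 1    # non-zero exit lets the calling scheduler or agent flag the host
}

Write-Output "No certificates in $StorePath expire within $WarnDays days."
exit 0
```

Run it from an elevated session on the enrolled machine. A certificate that still appears on the next run after `certutil -pulse` indicates that renewal did not happen and needs investigation.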