Thanks for the anwser and openssl tip
I've found some *.pem files but none of them has the same date as the one that's going to be expired
Haven't checked any files from /usr/share/certs/blacklisted and /usr/share/certs/trusted - guess those are root certs and I have no authority on their renewal
Those are files and folders I've checked:
/usr/local/etc/ssl/cert.pem
/usr/local/openssl/cert.pem
/var/unbound/unbound_server.pem
/var/unbound/unbound_control.pem
/etc/ssl/cert.pem
/var/etc/haproxy/ - there I've found one expired cert that I've acknowledged via web-interface. It has nothing common with info from there except the date though.
And some letsencrypt certs that I've succesfully renewed some days before starting this topic - not the one I'm looking for.
UPD:
A bit afterwards I found out I can export expiring certificate as .crt file
So... Am I supposed to install certbot on another host and renew my .crt using that installation or are there any other ways?