I find the whole premise of your question interesting. Let me explain why.
We setup configuration monitoring for clients. When a change is detected we usually investigate this
I believe your question should have been how can I verify that a automated renewal (which is what is the most likely case for a new certificate) is what is being detected
There are other reasons why a certificate may have changed (not saying these are it)
A) Someone has requested a new certificate outside of the expiry date
B) Someone has configured a new certificate.
Asking people on a forum whether or not you should ignore the message is the wrong approach in my opinion.
My 5 cents on how to verify this
A) Check the contents of the email and what it is actually tell you
B) Check if a new certificate has been issued for your domain here https://crt.sh/
C) Browse to your domain and check the fingerprint of the certificate
D) If you are using certbot you can check the log file and see if a renewal has been successful recently
Overall your security system is doing what it should and you should verify the change is expected