CertKitMass revocation gives you 24 hours and thousands of certs to replace. ARI (RFC 9773) automates it, but only if your ACME client is always running.
Certbot uses a cron job. acme.sh has no ARI support.
https://www.certkit.io/blog/ari-solves-mass-certificate-revocation
ACME Renewal Information (ARI) solves mass certificate revocation
When a CA has to revoke hundreds of thousands of certificates on a short deadline, email notifications aren't enough. ARI is the protocol that lets the CA tell your client directly: renew now. Here's how it works, and why most ACME clients can't actually respond in time.