Why not just give them the option to publish config files (in app/config), and they can specify their path to the certificates there? The user placing files inside your package would be an anti-pattern because when you update your package and they run composer update their certificates will be wiped out.

php artisan config:publish vendor/package

You can access their values here using:

Config::get('package::certs.path');

Basically you don't need the path there because you can use Config::get() to access any values there, but if you wanted to know it, it would be:

app_path() . "/config/packages/vendor/package"