By default, when you assign certificates issued by an Internal Certificate Authority to Lync & Skype for Business Servers (e.g. Front End, Internal Edge, etc), based on the Web Server template, they will be valid for two years.
Two years quickly pass by, and it can be an involved task to generate new certificates, especially across enterprise deployments.
If agreeable with corporate security, I generally create a new template to issue five year certificates. Note five years is the maximum that the Skype for Business Server Deployment Wizard accepts.
Open the Certificate Authority MMC. Right click Certificate Templates, click Manage.
Right click the Web Server template, click Duplicate Template.
Edit the properties of the New Template. Change the Template Name & Display Name to something meaningful (here I’m going with SfB_Template). Set the validity period to 5 years. Click OK.
Right click Certificate Templates, click New > Certificate Template to Issue.
SfB_Template is now visible in Enable Certificate Templates. Click OK.
SfB_Template now appears in Certificate Templates.
Certificates can now be issued. The following is an overview of using the Skype for Business Server Deployment Wizard requesting and assigning a new certificate for a SfB Front End Server, specifying the SfB_Template.
Click on the Default certificate, click Request.
Select the Internal CA, set a friendly name, select the SIP domain. Click Advanced.
Check “Send the request immediately to an online certification authority”. Click Next.
Check “Use alternative certificate template for the selected certification authority”. Enter the template name (SfB_Template). Click Next.
Bit length should be 2048 (the default), click Next.
Add any additional SAN names if required. Click Finish.
Verify details, click Next.
Review the Certificate Request Summary. Click Next.
View Certificate Details: as you can see from the certificate properties, the certificate is valid for five years. Click OK.
Review the Certificate Assignment Summary. Click Next.