
> just buy a 10 year cert

New certificates in the Web PKI ("SSL certificates") have a maximum lifespan of 825 days. This is enforced (if a CA were to issue a certificate with a longer lifespan, Chrome, for example, would just treat this certificate as invalid). The commercial CAs mostly offer one year or two years, with renewals using the 825-day limit to offer renewals in the overlap, so e.g. you buy two years in June 2018, in April 2020 you can pay for a two-year renewal and the new certificate expires in June 2022, not April 2022.

If you're using certificates in your own PKI (as it's likely Microsoft actually was in this particular incident) then there's no need to buy them and it's up to you what your appetite for risk is on when they expire.
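
The renewal arithmetic from the comment above, as an added example that is not part of the original post. It is a simplified day-granularity model: the function names, the exact calendar days and the rule that a CA caps the new expiry at the limit are assumptions made for illustration.

```python
from datetime import date, timedelta

MAX_LIFETIME_DAYS = 825  # Web PKI limit as stated in the comment


def add_years(d, years):
    """Same calendar day `years` later (Feb 29 falls back to Feb 28)."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def lifetime_days(not_before, not_after):
    """Validity period in whole days."""
    return (not_after - not_before).days


def within_limit(not_before, not_after):
    """True if a client enforcing the limit would accept this validity period."""
    return 0 < lifetime_days(not_before, not_after) <= MAX_LIFETIME_DAYS


def renew(old_not_after, renewal_date, years=2):
    """Overlap renewal (assumed CA behaviour): the purchased term is added
    to the old expiry, and the result is capped at the lifetime limit."""
    wanted = add_years(max(old_not_after, renewal_date), years)
    cap = renewal_date + timedelta(days=MAX_LIFETIME_DAYS)
    return renewal_date, min(wanted, cap)


if __name__ == "__main__":
    # Constructed dates matching the comment: bought June 2018 for two years.
    old_expiry = add_years(date(2018, 6, 15), 2)

    # Renewed in April 2020: unused time carries over, still under the limit.
    nb, na = renew(old_expiry, date(2020, 4, 15))
    print(nb, na, lifetime_days(nb, na), within_limit(nb, na))

    # Renewed in January 2020: carrying everything over would exceed the limit.
    nb, na = renew(old_expiry, date(2020, 1, 15))
    print(nb, na, lifetime_days(nb, na), within_limit(nb, na))

    # The quoted "10 year cert" fails the same check.
    print(within_limit(date(2018, 6, 15), date(2028, 6, 15)))
```
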



