You are mixing different types of certificates. VPN and SIC certs are NOT the same.
VPN default certificates (IKE certificates) were valid for 5 years. Starting from R81.10, validity of VPN default certificates (IKE certs) was changed from 5 years to 1 year by default. VPN default certificates (IKE certificates) were needed to be manually renewed. There is a way how to renew VPN certificates automatically.
SIC certificates are by default valid for 5 years and are automatically renewed once 75% threshold is reached. In some cases, SIC certificate is not renewed and it has to be renewed manually. Scenario 4 in sk97691 is one example why SIC needs to be renewed by hand. Another situation where SIC is needed to be renewed manually is mentioned in sk103356.
Kind regards,
Jozko Mrkvicka