I mean the certificate that the browser sees.
It is valid for 398 days and needs to be renewed once a year.
If you mean when you connect to the web admin portal through your browser, you have to renew certificates engine side.
If you have a self hosted engine you have to put the environment in global maintenance first.
Then, both on standalone engine and on self hosted engine environments, you have to run this as root on the engine server:
engine-setup --offline
The --offline is because you don't update any package in case there are any available.
At the questions you should also see:
Renew certificates? (Yes, No) [Yes]:
and answer Yes
The other ones you can accept default answer
If you have a self hosted engine you have now to exit from global maintenance
See also here:
HIH,
Gianluca