this is the response from Tiyaro DeepQuery which basically says some certs get auto-renewed, some are your headache. Fun times!
The reason you don't encounter solution user certificate expiration issues frequently even with a large number of vCenters is primarily because VMware vCenter Server has built-in mechanisms for certificate management that automatically renew certain certificates before they expire. According to the information in the snippets, especially with updates in recent versions, VMware vCenter's Single Sign-On (SSO) feature, along with the VMware Certificate Authority (VMCA), handles the automatic renewal of key certificates, such as the Security Token Service (STS) signing certificate, before they reach the expiration threshold. This proactive renewal is part of why the issue is not as prevalent even across various versions of vCenter that you manage.
However, specific issues such as expired Solution User certificates can occur, and they need manual intervention if they do not automatically renew. The action typically involves using vCenter's Certificate Manager to replace these certificates manually or following specific VMware KB articles for resolution. In environments running multiple versions, it is advisable to regularly inspect the certificate status using available tools and update vCenter versions to leverage improvements in certificate management.
In summary, while auto-renewal is a key feature, the necessity of regular management and updates is critical in preventing widespread issues in your environment's vCenters.