Given the average turnover for IT professionals hopping orgs I would personally require shorter certificate durations as a business continuity measure. Not even getting into automation, it keeps the processes fresh in the minds of administrators and should in theory reduce the chance of losing all organizational knowledge of how and where to renew certificates in the environment.
Or just have a decent process that generates certs every 100 years.
I’m a fan of good practices and automation and whatnot, but don’t think making decisions just to require chaos and turnover in the hopes that it makes practices better is a good idea.
