OpenVPN Setup Questions

Started by xenon2008, July 31, 2024, 01:02:13 PM

Hello everyone,

I'm currently setting up OpenVPN according to the OPNsense documentation & I'm "stuck" when creating the SSL VPN server certificate.
Well, I'm not really "stuck", I just saw that the default validity of the SSL server certificate is preset to 397 days.
What happens if I leave it like that and the certificate expires at the end of August next year?
Can I extend/renew it or do I have to equip all VPN clients with a new config including a new certificate?

Because the internal CA itself, which I created in the previous step, also had its lifetime preset to 365 days.
But I immediately increased it to 10 years because I thought that if the CA itself expires, I really have to do everything again.

And because I'm seeing it now, I'm naturally wondering the same thing about the client certificates.
Can I renew them after a year without having to install a new certificate on the client?

How do you handle something like that? What lifetime do you give for each certificate?

Or do you think it would be better to give the server and client certificates a lifetime of 5 years, for example?

Sorry for the many questions, I'm still relatively new to this area and don't want to have to do everything again in a year.

To be honest, I also want to understand what happens if I have to renew the server or client certificate, for example, or it expires.

Thank you and have a nice day
xenon