Not applicable in this case. This was a certificate issued March 20th 2025 and which expired March 20th 2026. Also concerning are the instructions written in broken English instructing visitors to ignore all SSL warnings.

Using old compromised certificates is a legitimate MITM attack vector.

because you need to automate it

And in turn making revocation less & less of a pain. Since that was more of the pain, overall it's getting easier.

DNSSEC+DANE will fix it. Soon we will have self-signed certificates once again!

I also don't get it, why do certificates need to expire?

On the one side all the users will need to prove their ID to access websites, and on the website side the site will have to ask permission to continue operating at ever increasing frequency.

That is the future we have walked into.