Like any other X509 certificate, whether it’s an SSL certificate for a web server or the certificate for the OPC UA client and server, they will need to be periodically re-generated or re-signed.
This will be easier once we have a UI built for it and it will also allow you to set a much longer validity period if you want to avoid dealing with this.
In the future the centralized management of the various certificates used by Ignition (SSL, GAN, OPC UA) might be something the EAM module handles.
Edit: if you modify the internal “loop back” client/server connection to use no security and anonymous access the certificates will not be used and their eventual expiration will not matter. Enabling unsecured connections and anonymous access may or may not be a good idea depending on whether the server is configured to bind only to the loop back adapter (the default configuration in 8.0) or if it’s on a network where other clients might connect.