Self-signed ProxySG-generated certificates have validity of 2 years since SGOS5.3.
This includes 'default' and 'passive-attack-protection-only-key' certificates.
Management Console login uses the "default" certificate.
The reasoning is convenience vs. security.
[Resolution plan 1]
If you want a certificate that is valid for 10 years, you can obtain a keyring/certificate from an external Certificate Authority (CA) and import it into the ProxySG appliance.
[Resolution plan 2]
Even if your certificate expires, you can log in to the ProxySG appliance. You can generate a new self-signed key for the appliance.
You can remake the key for the Management Console by selecting Configuration>SSL>Keyrings.
Add the newly created key by selecting Configuration>Service>Management Service>HTTPS-Console>Keyring.
This extends the validity of the certificate for two years.