I run my own IMAP server on my own machine, and am the only user of it. The server uses a self-signed certificate that I generated with OpenSSL. I don't use the certificate for any other purpose. I connect to the server only from the local machine, and from my laptop when travelling, and I make sure to validate the certificate's information and fingerprint when prompted by the e-mail clients. (Normally this happens only when I first configure my e-mail client to connect to the IMAP server, or when the certificate gets changed.)
There are plenty of guides on the Internet urging administrators to limit the duration of their self-signed certificates to no more than 12 months. But I would rather not have to remember to periodically issue a new certificate every year. (It can be a pain if the certificate expires while I'm travelling and whatever Internet connection I'm using blocks SSH connections.) For my specific scenario, is there any reason why I couldn't set the expiration of my self-signed certificates for much farther in the future (say, 5 or 10 years)? What specific security risks might this entail in my case?
I suppose the key might get stolen by a third party, who would then have much longer than 12 months to misuse it. But even in that case it's not clear to me what damage they could do to me or to others, particularly if I had created the certificate with fictitious personal information.
I'm aware that I could instead use a CA like Let's Encrypt and set things up to automatically get a new certificate on expiry. But before I go to the trouble of setting this up, I just want to know what the risks are, if any, in using long-lived self-signed certificates. Also note that I'm not asking about the disadvantages of using self-signed certificates in general; my question is specifically about their length of validity for a setup like mine, where I'm the only user of the certificate.
