I have a successful connection with an ESP32 and aws. Now, I have read, that the certs have an expiration date. So is it possible to extend the date or is it necessary to change the certs. If it is necessary is there a way to change it automatic?
If you use the certificates that AWS IoT core generates for you, then they will expire at midnight UTC on December 31, 2049. The same site states:
Devices and clients must also support rotation and replacement of certificates to help ensure smooth operation as certificates expire.
So if you expect your ESP32 to live and work for almost 28 years, then you have to make sure you can rotate/replace the certificates. You could write some software that enables you to change the certificates through AWS IoT jobs. Generate a new certificate before the current certificate expires. Put the new certificate on S3 and send a pre-signed URL to your device through an AWS IoT job that will trigger a script (you have to write this script) to download the new certificate and replace the current one.
Keep in mind that it's likely you won't only have to replace the device certificate sooner or later but also the CA, in case it expires or AWS decides to change the root CA. Which happened before.
Alternatively, you can create your own CA with its own expiration date and use this for your device. In this case you could set your expiration date to 100 years in the future, which would be fine for your private setup but not for production use with multiple devices distributed across the country or even globe.