Code signed binaries for Windows should be timestamped. This would ensure the binaries are still accepted even after the certificates expired if their timestamp is before that expiration.

For details see:

• https://learn.microsoft.com/en-us/windows/win32/seccrypto/time-stamping-authenticode-signatures
• https://www.ssl.com/how-to/using-your-code-signing-certificate/#ftoc-heading-10