Is it time to renew your Domino ID Vault certificates?

IBM issued a Technote today detailing the procedure for renewing ID Vault Trust Certificates and Password Reset Certificates. They expire after 10 years. ID Vaults were first introduced in Domino 8.5, which was released December 2018, 10+ years ago now. So early adapters of the ID Vault will increasingly be having to renew their certificates.
The Technote describes:

• The error message that signals that your certificates have expired ("Not a valid ID or the ID is corrupted");
• The procedure for determining the expiration dates of your certificates; and 
• The procedure for renewing them. Unfortunately you can't just recertify them. You have to remove the expired ones then issue new ones.