You typically generate new certificates only if you change the host name or accidentally delete the certificate. Under certain circumstances, you must force the host to generate new certificates.
Status of ESXi certificate
It is possible to check certificate with login to ESXi:
How to regenerate new ESXi certificate?
Login via ssh to ESXi in maintenance mode:
cd /etc/vmware/ssl mv rui.crt orig.rui.crt mv rui.key orig.rui.key /sbin/generate-certificates reboot
What to do next
Consider replacing the self-signed certificate and key with a trusted certificate and key.