The industry has been pushing all certificate authorities to use shorter lifetimes recently. You will no longer be able to get publicly-trusted certificates with lifetimes much longer than one year:
Let’s Encrypt has encouraged this kind of change and encouraged everyone to automate certificate renewal. As @JuergenAuer said, Let’s Encrypt’s certificates
The 60 day interval that your colleague mentioned is Let’s Encrypt’s recommendation for when to (automatically) replace the certificate.
Hopefully your SAP environment has an API that could be used to update the certificate from software, in combination with one of the Let’s Encrypt client applications that @JuergenAuer mentioned. If not, consider using a reverse proxy to terminate incoming HTTPS requests and forward them to your SAP application. For example, you could use an nginx or Caddy server to receive the HTTPS connections and then forward them to SAP. This process can be extremely simple with Caddy!
(As Caddy has its own built-in automated Let’s Encrypt client, it would also handle all of the certificate requests and renewals for you.)