OK I think I do now see what you’ve seen all along:
He doesn’t want to renew and manually change the private key early, he wants the cert to expire sooner.
To ease his fears of “exposure”.
I can’t say I understand the fear, nor the use case, but I do see the request now for what that’s worth.
And I do agree that if 90 days is the maximum, then we should be allowed to request less than an 90 day expiration. For his case he should be allowed to request his certs for 30 days and renew them every 21 days.
More choices always equals happier customers