
Revoking certificates is a hard problem (how do you know if the CRL is blocked by an attacker, or just down right now?), so instead we rely somewhat on the certs expiring after a while so that they'll eventually get replaced. It also offers some mitigation against certs being stolen without you realising, as they have a limited lifetime.

It's the same theory with passports, credit cards etc.
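The trade-off described in the comment above, as an added example that is not part of the original comment: a small model of a relying party that cannot tell a CRL outage from a blocked CRL, showing how long a stolen and already-revoked certificate keeps being accepted under soft-fail, and what hard-fail costs during an honest outage. The function names, dates and lifetimes are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from enum import Enum

ISSUED = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed issuance date

class Crl(Enum):
    GOOD = "fetched, serial not listed"
    REVOKED = "fetched, serial listed"
    UNREACHABLE = "fetch failed"  # outage and attacker blocking look identical

def accept(now, not_before, not_after, crl, hard_fail):
    """Relying-party decision for one certificate at time `now`."""
    if not (not_before <= now <= not_after):
        return False              # expiry check is local, no fetch to block
    if crl is Crl.REVOKED:
        return False
    if crl is Crl.UNREACHABLE:
        return not hard_fail      # soft-fail accepts, hard-fail rejects
    return True

def exposure_days(issued, lifetime_days, stolen_day, hard_fail):
    """Days a stolen, revoked cert is still accepted while the CRL is blocked."""
    not_after = issued + timedelta(days=lifetime_days)
    days = 0
    for d in range(stolen_day, lifetime_days + 30):
        now = issued + timedelta(days=d)
        if accept(now, issued, not_after, Crl.UNREACHABLE, hard_fail):
            days += 1
    return days

def outage_rejects_valid_cert(hard_fail):
    """Cost of hard-fail: an honest CRL outage also rejects a good cert."""
    now = ISSUED + timedelta(days=5)
    not_after = ISSUED + timedelta(days=90)
    return not accept(now, ISSUED, not_after, Crl.UNREACHABLE, hard_fail)

if __name__ == "__main__":
    for lifetime in (398, 90, 7):  # constructed sample lifetimes, in days
        soft = exposure_days(ISSUED, lifetime, 3, hard_fail=False)
        print(f"lifetime {lifetime:>3}d: accepted {soft}d after theft (soft-fail)")
    print("hard-fail breaks valid cert during outage:",
          outage_rejects_valid_cert(hard_fail=True))
```

Under soft-fail the exposure window is bounded only by the certificate's `notAfter`, which is why a shorter lifetime shrinks it even when revocation data never reaches the client.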


