However, I couldn't find what the proper procedure is to renew the certificate, and if I'm notified automatically when it is about to expire. Is there some documentation about this?

I don't think we have documentation on that.

DKIM keys are used to sign your mail so that the receiver can verify authenticity of the contents they're viewing. The public key needs to remain in DNS record for that verification years down the line, otherwise verification cannot occur.

The value of DKIM signing is more to do with verification in the short-term, such as when accepting the mail. There isn't much value of a DKIM private key being compromised when the mail has already been sent as that contents cannot be altered and the mail was already accepted.

Contrast to a TLS certificate, where you can impersonate a server identity, and if non-PFS cipher suite was used then decrypt any prior encrypted traffic (although it should be uncommon these days for non-PFS TLS connections).

I can't recall exact details, but DKIM keys being compromised was less impactful than TLS keys. Might have been due to TLS having a handshake step where the private key is necessary during the connection being established, while I don't think DKIM verification needs any interaction with the mail server beyond getting the DNS public key record it needs?

There is no notification support, but you could automate renewal or a notification to do so via a scheduled task (cron / systemd-timer) or reminder (for manual renewal)?

I believe the term for DKIM is called "rotating keys". Since you may not want to replace the DNS record of the public key, you would keep that, and add a new public key record for another DKIM public key paired to the new DKIM key. Then future emails use that DKIM keypair to sign and verify. How often you rotate is up to you, I think I've seen 6 months to 2 years advised elsewhere online.

• RSA 2048-bit keys have a symmetric security strength of approx 110-112 bits. IIRC this is roughly within the range of requiring enough compute energy to boil all the oceans in the world.
• RSA 512-bit keys were broken well over a decade or so ago with symmetric security strength of approx 57-64 bits (reference). These can be attacked quite affordably today on consumer hardware AFAIK, or cheap cloud compute.
• RSA 1024-bit at the time was assumed within the capability of larger well funded organizations. For context it has a symmetric security strength of around 80-bits (the 32-bit difference to RSA 2048-bit is 2^32, which is over 4 billion times more difficult). Compared to RSA 512-bit, there is about 8 million times difficulty increase in compute (assuming 2^23).
• Larger than RSA 2048-bit is a bit excessive IMO. ECC may be better option and by now should have much broader support with mail clients I think. ECC (ECDSA) instead of RSA should provide more security strength without the excess overhead RSA introduces in processing and traffic/storage (although not likely a difference for you to worry about).

RSA 2048-bit should be fine to continue with. The reason I provide the above information is that it's context for your rotation policy. Ignoring any other breaches to obtain a your DKIM private key, if someone was to invest the resources to brute force a solution, you can raise that symmetric security difficulty higher to offset the rotation time.

If my math is accurate though, and you take into consideration that you're probably not a target an attacker could justify spending that sort of money on to acquire your DKIM key to sign mail with, there's not much value in verification of existing mail that was already signed AFAIK?

The attacker would benefit investing the resources on more valuable assets, but for the cost it'd be more affordable to get private keys for TLS and DKIM via other means.

Thus you should be fine with RSA 2048-bit, and your rotation window is what an attacker could leverage if they acquire your DKIM key via other means. Which is access to your systems involved in generation/transfer and storage of the DKIM private key. If they have that, they can quite possibly continue to access it when you rotate keys.

At this point it's beyond my expertise to advise as I'm not a cyber-security specialist 😅

Also, it is possible (maybe not wise but still) to set the lifetime of the DKIM certificate? (I didn't see an option for this in the setup config dkim help page)

As we covered above, I don't think there is such a concept.

A TLS certificate (or rather X.509) provides all that extra information, whereas with DKIM we just have a private and public key, there is no other data associated to it as it only serves to provide trust via verification IIRC vs trust via authentication that TLS offers (handshake to server + third-party root CA verification).. It's been a while since I deep dived this topic, so I might be a little rusty with details, but that should be the gist of it.

I have a TODO task to simplify the DKIM generation so that it's more agnostic (OpenDKIM + Rspamd compatible), and more transparent with the keypair generation. You can refer to that if it helps provide more insight. You'll see there is no expiry date involved in the generation, nor does the tool (step) provide that as an option for this generation type.