Code signing certificates are valid from 1 to 5 years. When your certificate expires only your ability to create new signatures is affected, past signatures remain valid as long as you used a timestamp when you sign.

Comodo provides a timestamp server free to any certificate holder, the URL is http://timestamp.comodoca.com/authenticode - that URL can be passed to signing utilities like Microsoft's signtool.exe. If you're using K Software's free signing utility, kSign, then you do not need to worry about it because kSign timestamps automatically. You should always use a timestamp!