SSL Certificates can typically only be renewed in the 30 day window prior to their expiration.
SSL validity is ensured in part by verifying that the certificate has not been tampered with, this is accomplished with a 'Secure Hash Algorithm'. The most common algorithm currently in use is 'SHA-1'.
Services are beginning to migrate to SHA256 as this makes it harder for attackers to manipulate or spoof your connection and in the next few years SHA256 will be a requirement.
Some older devices and browsers still rely on SHA1.
All certificates issued after Jan 1, 2014 need to be have at least a 2048 bit key length. Optimal key sizes are a balance between security and speed and the current recommendation is 2048.
This is an optional requirement as your web application may or may not need to be fully SSL secured.
You'll need to implement this in your application.
HTTP Strict Transport Security (HSTS) is a HTTP response header that is set on your web application server. Supporting browsers read the header which contains an expiration max-age value and will NOT reconnect on a plain HTTP connection until the max-age value is exceeded. HSTS prevents a variety of attacks where an intermediary could disrupt or spoof connections.
You'll need to implement this in your application.
More HSTS information at: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
POODLE is a SSL attack that compromises connections by manipulating the SSL setup between a browser and a web server. It only effects older versions of the SSL library installed on web servers and then only certain cipher sets within that SSL version.