I get where you are coming from, but there are some fundamental differences between passwords and SSL certificates that make it sensible to frequently rotate the latter but not the former.
Passwords need to be memorized, private keys do not. The FTC article from the “proven” link primarily pins the issue of password rotation in that it will result in people using passwords that are easier to remember (because they change frequently), but are weaker as a result. SSL private keys are not memorized.
When leaked, passwords are easily reset, SSL certificates are not. Either the account owner or a systems administrator can block the account and/or set up a new password the moment the breach is discovered. SSL certificates cannot be reliably rotated; SSL revocation is sketchy and not supported everywhere. So if a key gets leaked, you often cannot prevent it from being used completely.
SSL certificates can be obtained maliciously. If someone gets access to your domain’s DNS settings or web server or email account, they can use that to complete the domain verification to get a new SSL certificate. After plugging that hole, the shorter the time they will be able to use their “hacked” certificate, the lower the risk.
SSL certificates can be renewed automatically, passwords cannot. On premium hosting and Cloudflare for example, you never need to worry about SSL certificates, because the hosting system can autonomously get new certificates for you and install them through automation without anyone having to lift a finger. With passwords, all users need to come up with a new password, memorize it and configure it.
In both cases, I think the benefit of having short lived secrets isn’t that big in the grand scheme of things.
But if you have fully automated Let’s Encrypt certificates, it really makes no difference how long the certificates last, because it’s automatic anyway. So then why would you run unnecessary risk by having long-lasting certificates?
Frequently rotating passwords has been proven to make the secrets themselves weaker, which is evidence that password rotation is actually harming security.