I received an email from Apple:
Your Apple Push Services Certificate will no longer be valid in 30 days. To generate a new certificate, sign in and visit Certificates, Identifiers & Profiles.
Is it right to just create a new certificate, an just let the old one expires? Or do we need to revoke the old one?
The important thing, in this situation, is to generate a new Apple Push Services Certificate and upload it to your Push Notification platform so that your notifications get signed with the private key of the new certificate.
After doing that, revoking or not the old certificate doesn't actually matter, since you are not using it anymore.