Why do you use such a value for SigningKeyLifetime when the default is 30 days already? You can just skip --signingkeylifetime and have medium term signing key valid for 30 days (1 month). I am not totally sure *1 months* is a valid argument here (could be, not sure)
--signingkeylifetime '1 months'
is fine (tested), it is not the same as 30 days (by a few hours) but otherwise it is ok.