An expired certificate is a valid certificate where the end date (“expires-on date”) baked into the certificate is in the past.
A revoked certificate is a valid certificate that passes all checks on the certificate itself but where a supplementary check (e.g. via OCSP or CRL) shows that the issuer has revoked the certificate.
There are any number of invalid-certificate scenarios, but the most common in my experience is a certificate that doesn't have a valid certification chain: you can't follow the chain from the actual certificate owner to the Certificate Authority that signed it, to the CA that signed that, …, to a root Certificate Authority that is baked into the operating system or other software attempting to validate the certificate. Examples are a self-signed certificate, or a chain that ends at a root CA that I have chosen not to trust.
A different, common type of scenario is that the certificate itself passes all checks (valid, not expired, not revoked) but certifies a domain other than what the client is expecting! This is typically a misconfiguration, intentional or otherwise, but could in theory be a MITM attack.
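
The four cases above as one decision procedure, in an added example that is not part of the original answer. It assumes simplified certificate records (constructed sample data, no signature verification), trust anchors matched by subject name, and a set standing in for CRL/OCSP responses; `Cert`, `classify`, `name_matches` and `make_leaf` are illustrative names.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
@dataclass(frozen=True)
class Cert:  # simplified stand-in for an X.509 certificate (assumption)
    subject: str
    issuer: str
    not_after: datetime
    serial: int
    dns_names: tuple = ()

def name_matches(pattern, hostname):
    """Case-insensitive DNS name match; '*' may replace only the left-most label."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def classify(leaf, pool, trusted_roots, revoked, hostname, now):
    """Return 'ok' or the first failing category described in the text."""
    chain, cert = [leaf], leaf
    # Invalid: no path from the leaf to a root the client trusts.
    while cert.subject not in trusted_roots:
        parent = pool.get(cert.issuer)
        if cert.issuer == cert.subject or parent is None or parent in chain:
            return "invalid-chain"  # self-signed, unknown issuer, or loop
        chain.append(parent)
        cert = parent
    # Expired: the chain is fine, but an end date is in the past.
    if any(c.not_after < now for c in chain):
        return "expired"
    # Revoked: supplementary check; the set stands in for CRL/OCSP answers.
    if any((c.issuer, c.serial) in revoked for c in chain):
        return "revoked"
    # Mismatch: everything passes, but for a different domain.
    if not any(name_matches(n, hostname) for n in leaf.dns_names):
        return "name-mismatch"
    return "ok"

# Constructed sample data, not real certificates.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
GOOD, PAST = datetime(2025, 6, 1, tzinfo=timezone.utc), datetime(2024, 1, 1, tzinfo=timezone.utc)
ROOT = Cert("Example Root CA", "Example Root CA", GOOD, 1)
INTER = Cert("Example Issuing CA", "Example Root CA", GOOD, 2)
POOL = {c.subject: c for c in (ROOT, INTER)}
TRUSTED = {"Example Root CA"}

def make_leaf(**overrides):
    fields = dict(subject="www.example.test", issuer="Example Issuing CA",
                  not_after=GOOD, serial=100, dns_names=("www.example.test",))
    return Cert(**{**fields, **overrides})
```

The checks run in the order the text implies: a certificate only counts as expired, revoked or mismatched once its chain has already led to a trusted root.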