Most likely because the certificate has expired, there needs to be some means of distributing a new certificate. Likely way of doing this is to have a means of generating a new one prior to expiration, sending the new one through existing connections, and then forcing them to reconnect. When the old certificate expires, the clients will then use the new one. Any devices that did not receive the new certificate in time might need to be re-paired or something.
Most likely because the certificate has expired, there needs to be some means of distributing a new certificate. Likely way of doing this is to have a means of generating a new one prior to expiration, sending the new one through existing connections, and then forcing them to reconnect. When the old certificate expires, the clients will then use the new one. Any devices that did not receive the new certificate in time might need to be re-paired or something.