If you need to renew the Always On VPN IKEv2 server certificate, here are three lines that will help you. Assuming you have the right certificate and the thumbprint, execute the following commands on the VPN server:
$cert = Get-ChildItem -Path Cert:\LocalMachine\My\ | where { $_.Thumbprint -eq “thumbprint” }
Set-VpnAuthProtocol -CertificateAdvertised $cert
Restart-Service RemoteAccess
If these commands saved your day, leave a comment!