If you need to renew the Always On VPN IKEv2 server certificate, here are three lines that will help you. Assuming you have the right certificate and the thumbprint, execute the following commands on the VPN server:

$cert = Get-ChildItem -Path Cert:\LocalMachine\My\ | where { $_.Thumbprint -eq "thumbprint" }

Set-VpnAuthProtocol -CertificateAdvertised $cert

Restart-Service RemoteAccess

If these commands saved your day, leave a comment!