Hi,
Are you doing EAP termination on the controllers? If yes. Please ensure that you have the most current code. Second option is to submit a CSR from the controller and get a new cert install on the controller. Please also ensure to update the aaa profile with the right cert.
If you are not doing EAP termination on controller and using a CA SERVER in your AD forest with the RADIUS server that does 802.1x auth then I would suggest you to submit a new CSR from the RADIUS server and generate a new certificate from CA SERVER and load it as an authentication certificate on your AAA/RADIUS server.
Thank you.