If the certificate is expired, clients should not send their credentials to the RADIUS server and will not continue with authentication.
When the certificate is replaced, most clients will receive a popup asking them to verify the new certificate.
Are you managing 802.1X through an MDM, group policy, etc.?
Thanks,
Tim