I agree with Tim on this, use the same EAP cert and it is not related to the hostname of the (ClearPass) server, so that is why you can use the same on all servers.
In case you need to go through a re-onboarding process, one approach that works is to create a new, additional Onboard CA. That allows you to change names, certificate/CA lifetimes and other settings in the same run. Then have that CA issue the new client certificates. If a client authenticates with a certificate issued by the old CA, you can redirect the client into the provisioning process to get a new cert enrolled. If you see the message that the client is already provisioned, you can follow the link which adds something like reprovision=1 to the URL. If you add that in the redirect URL, users will no longer see that page.
In this way, all users can be provisioned with a new client certificate and Onboard settings.
Again, probably not needed in your case, but may be useful for others.