The P at the beginning of 'PEAP' stands for "Protected" and is usually a certificate-based TLS "wrapper" for the EAP exchange of user credentials.
Given that your certificate is long-expired, I'd expect that you've been telling your Windows 7 and 8 systems to ignore server validation. I don't know what changes if any were made in Windows 10, but I'm sure the options have moved around. It's even possible MS has tightened security and made it harder to use self-signed and expired certificates.
You'll need to poke around in your WLAN settings on the clients to get them to accept the RADIUS server certificate.
If you can post screenshots of bits of it, we could help you figure it out.