Smartcard authentication broken after ssl cert renewal

  • #8165
    Martijn
    Member
    • Total Post: 1
    • Newbie

    We have a XenApp 6.0 farm with Wyse R10L clients.
    Users authenticate using Smartcards through a Cherry keyboard with Smartcard reader connected to the Wyse.

    Wnos.ini connection string to our Citrix Webinterface PNAgent site is:
    PnliteServer=https://gdaxaw.domain.local/Citrix/PNAgent_SmartCard/config.xml ReconnectAtLogon=1 ReconnectFromButton=1 AutoConnectList="farm:Desktop"

    The root certificate of our own internal CA is added to the Wyse through the same wnos.ini:
    AddCertificate=GDALIC.domain.local.crt

    So far so good.
    All users have been able to connect and start their desktop session for the past (almost) 2 years.

    Now here’s the problem..

    The SSL Webserver certificate (in IIS) on the Citrix Webinterface is expiring in 20 days.
    We thought a simple renewal of the existing certificate will do the trick and we will have another 2 years of connecting without a problem.
    This isn’t working…
    As soon as we configure a new (renewed or totally new doesn’t matter) ssl cert on the website, clients are unable to connect.
    Root certificates and Root CA are all the same.

    These errors are logged on the Wyse:
    08:07:53 SSL: error ERR_RSA_DECRYPTION!
    08:07:53 SSL: unable to setup connection, (err=-7702)

    As soon as we replace the new certificate on the Citrix Webinterface with the old one the clients can successfully authenticate again.

    Any thoughts as to how we can configure a new certificate on the Citrix Webinterface??

    #24678
    ConfGen
    Keymaster
    • Total Post: 10696
    • Jedi Master
    • ★★★★★★★

    Have you replaced the root cert on the server AND client?

    CG
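
A check for the renewal discussed in this thread, as an added example that is not from either poster: it confirms the new Web Interface certificate chains to the root file distributed to the clients and reports whether its issuer, signature algorithm, or key type and size differ from the old certificate. The function names and the file names in the usage line are assumptions, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: compare a renewed server certificate with the one it replaces.

# Print the fields of a certificate that the client's SSL stack has to handle:
# issuer, signature algorithm, public key algorithm and key size.
cert_profile() {
    openssl x509 -in "$1" -noout -issuer || return 1
    openssl x509 -in "$1" -noout -text | awk '
        /Signature Algorithm:/ && !seen { sub(/^ +/, ""); print; seen = 1 }
        /Public Key Algorithm:/         { sub(/^ +/, ""); print }
        /Public-Key:/                   { sub(/^ +/, ""); print }'
}

# compare_certs OLD NEW ROOT
# Returns 0 if NEW chains to ROOT and has the same profile as OLD,
#         1 if NEW does not verify against ROOT (or a file is unreadable),
#         2 if NEW verifies but its profile differs from OLD.
compare_certs() {
    if ! openssl verify -CAfile "$3" "$2" >/dev/null 2>&1; then
        echo "FAIL: $2 does not chain to $3"
        return 1
    fi
    echo "OK: $2 chains to $3"
    old_profile=$(cert_profile "$1") || return 1
    new_profile=$(cert_profile "$2") || return 1
    if [ "$old_profile" = "$new_profile" ]; then
        echo "Profile unchanged:"
        echo "$new_profile"
        return 0
    fi
    echo "Profile changed."
    echo "--- old"
    echo "$old_profile"
    echo "--- new"
    echo "$new_profile"
    return 2
}

# Usage (placeholder file names): sh compare_certs.sh old.crt new.crt root.crt
if [ "$#" -eq 3 ]; then
    compare_certs "$@"
fi
```

Run it against the root file that the clients actually load, so the chain check reflects what they trust.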
