It's possible that TCP traffic will go down after certificate renewal.
This issue occurs when you set up Stateful Firewall .

This cause is that the VCMP tunnel is renewed and the firewall session is deleted when  the certificate is renewed. As the TCP session is not disconnected, the 3-way handshake will not start. The stateful firewall will block the traffic as it considers it to be incorrect as there is no 3-way handshake.

To resolve this, you will need to disconnect and reconnect the TCP traffic. Alternatively, you can disable the stateful firewall.

VMware SD-WAN: VCE Links DEAD briefly after certificate renewal