Arty29 No you will not need a new hub. Your existing Hub will begin serving a certificate that is rooted to the new root (DigiCert Global G2 Root) after the migration.
rameshkhot The new root will be DigiCert Global G2, after which Microsoft may decide to migration to a native MSFT root as mentioned. There is no 'guarantee' per se since the world of public PKIs is mired with compliance, regulatory, and security related issues that can mandate sudden change. The only way to be future proofed in a public PKI world is to have a robust update mechanism. IoT Hub is indeed working on a feature that will allow you to use your own custom endpoint protected with whatever cert/chain you wish, but that is not going to land in time for you to take advantage of for this specific migration. Please don't hesitate in opening a support request if you need additional help.
@all, please review the new and updated blog for this migration with the latest updates here.