The procedure is identical to renewal of regular Edge certificates. It helps if you have more than one Edge server, otherwise you are looking at a little downtime as you are recreating the subscription at some point. In short:
Import the new certificate on all Edge server(s) and internal Exchange servers running Exchange Hub Transports / Multi-Roles;
Enable the new certificate for SMTP services (Enable-ExchangeCertificate) on half of the Edge servers (this breaks mail flow for them), and also on internal Exchange Hub Transports / Multi-Roles.
On half of the Edge servers, recreate the subscription document (XML)
Using subscription documents from 3, recreate the Edge subscription on the internal Exchange Hub Transports / Multi-Roles, after removing the existing one.
Start-EdgeSynchronization - mail flow should now switch from 2nd half of Edge servers to 1st half that we touched in step 3
Run Test-EdgeSyncronization to validate
Perform step 2-5 for the 2nd half of the Edge servers