I took the system down to snapshot it prior to making any configuration changes. Once it came back up my OIDC clients started working again and now the oxauth.log is stating that the same key with a different alias is about to expire (also states it will be regenerated). Looking at the certs in the UI (configuration -> certificates) none of these are set to expire until the end of this year at the earliest?
I went through the documentation in the link you sent and it is not very clear on what keys need to be regenerated and the parameters that should be used to do so.