When publicly signed certificate installed many years ago on ASA does expire and you request a new one from certificate provider all you get is just the new cert. If you are missing original private key you will need to perform these steps to get a new certificate installed on ASA. The solution is to create new Trustpoint but use old key pair bound to expired cert.
On certificate configuration page select Add Identity Certificate > Assign new name to Trustpoint > select existing Key Pair > Add certificate.
crypto ca trustpoint New_Cert
subject-name CN=**Your ASA Hostname**
crypto ca enroll New_Cert noconfirm
Disregard pop-up and click Cancel.
Next select Trustpoint you just created and click Install.
Browse to new certificate file you received from certificate provider and Install Certificate.
Select Ok when certificate import is successful.
crypto ca import New_Cert certificate nointeractive
Now go to your VPN Connection Profile and update device certificate with the new Trustpoint name.