When certificates are renewed, you can do sudo service apache2 reload to tell Apache to reload configuration. This triggers Apache to look at the certificate files again and use the updated file for future incoming HTTPS connections, without having to drop current connections. Stunnel does similar.

It would be good to have that kind of ability. Apache and Stunnel are running separate instances to serve each client though as I understand it, so for a multi-user program to do the same thing, it may be more complicated internally.

Instead of using a signal like apache or stunnel, I would have an efun trigger it. Something like tls_reload and have the game restrict it similar to shutdown.