Power off and snapshot both the RLA and MRS AD FS servers, but not at the same time. Last time I did this I powered off MRS, took the snapshot, powered it back on, then powered off RLA, took the snapshot, and powered it back on.
MS KBA: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa


There should be no outage as long as one of the AD FS servers is working.


  • Remote onto RLA-ADFS01

  • Ensure MS Graph is available on both AD FS servers prior to starting this

  • Open the local computer certificate store and ensure you are able to see the AD FS MFA certificate

  • Generate a new certificate by running the following command in PowerShell. ONLY ADD -Renew $true IF THE CERTIFICATE HAS NOT ALREADY EXPIRED; if it has already expired, it's safe to delete the certificate from the local computer store and generate a fresh one without -Renew (I needed to do this last time):
    $newcert = New-AdfsAzureMfaTenantCertificate -TenantId <tenant id such as contoso.onmicrosoft.com> -Renew $true



  • Then run the following command to add the certificate to the Azure MFA service principal


  • Restart the AD FS service to start using the new certificate.


  • Use these commands to check the current certs on the Azure MFA service principal (the blank lines that were between the Select-Object properties broke the backtick line continuation, so the property list is now on one line):
    $sp = Get-MgServicePrincipal -Filter "appid eq '981f26a1-7f43-403b-a875-f8b09b8cd720'"
    $sp.KeyCredentials | Select-Object KeyId, DisplayName, StartDateTime, EndDateTime, Type, Usage
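
An added helper script for the procedure above; it is not part of this runbook or of Microsoft's documentation. It automates the pre-checks (Graph module installed and connected, MFA certificate visible in the local machine store, whether -Renew should be passed based on the expiry rule above) and the post-update verification of the service principal's key credentials, including a warning for credentials that expire soon. Assumptions not stated on the page: the MFA certificate's Subject contains the tenant ID; New-AdfsAzureMfaTenantCertificate returns the certificate as a base64 DER string (the page's $newcert); Graph does not return the key bytes on read, so the new certificate is matched by its expiry date. The step that adds the certificate to the service principal is deliberately left to the linked Microsoft article, since this page does not reproduce that command.

```powershell
# Added helper (not the runbook's own code). Run on one AD FS server after Connect-MgGraph.
# Phase 1: Invoke-PreRenewChecks -TenantId contoso.onmicrosoft.com   (prints the exact command to run)
# Phase 2: after adding the cert to the service principal per the MS article, before restarting AD FS:
#          Test-MfaServicePrincipalCredentials -NewCertBase64 $newcert
# Assumption: the Azure Multi-Factor Auth Client app ID below is the one quoted in the runbook.
$script:MfaAppId = '981f26a1-7f43-403b-a875-f8b09b8cd720'

function Get-LocalMfaCertificate {
    param([Parameter(Mandatory)] [string] $TenantId)
    # Assumption: the tenant ID appears in the certificate Subject. Newest cert wins if several exist.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*$TenantId*" } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
}

function Get-RenewArguments {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert)
    # Runbook rule: pass -Renew $true only while the existing certificate is still valid.
    if ($null -eq $Cert) {
        Write-Warning 'No MFA certificate found in Cert:\LocalMachine\My; a fresh certificate will be generated without -Renew.'
        return @{}
    }
    if ($Cert.NotAfter -gt (Get-Date)) { return @{ Renew = $true } }
    Write-Warning "MFA certificate $($Cert.Thumbprint) expired on $($Cert.NotAfter). Delete it from the store and generate without -Renew."
    return @{}
}

function Invoke-PreRenewChecks {
    param([Parameter(Mandatory)] [string] $TenantId)
    # Graph module present and an active session, as the runbook requires before starting.
    if (-not (Get-Module -ListAvailable -Name Microsoft.Graph.Applications)) {
        throw 'Microsoft.Graph.Applications module is not installed on this server.'
    }
    if ($null -eq (Get-MgContext)) { throw 'Not connected to Microsoft Graph; run Connect-MgGraph first.' }

    $cert = Get-LocalMfaCertificate -TenantId $TenantId
    if ($cert) { Write-Host "Current MFA certificate: $($cert.Thumbprint), expires $($cert.NotAfter)" }
    $renewArgs = Get-RenewArguments -Cert $cert

    # Print, rather than run, the generation command so the operator sees exactly what will happen.
    $renewText = if ($renewArgs.ContainsKey('Renew')) { ' -Renew $true' } else { '' }
    Write-Host "Next step: `$newcert = New-AdfsAzureMfaTenantCertificate -TenantId $TenantId$renewText"
    return $renewArgs   # splat onto New-AdfsAzureMfaTenantCertificate with @renewArgs if scripting the call
}

function Test-MfaServicePrincipalCredentials {
    param(
        [string] $NewCertBase64,   # the value returned by New-AdfsAzureMfaTenantCertificate (assumed base64 DER)
        [int]    $WarnDays = 30
    )
    $sp = Get-MgServicePrincipal -Filter "appid eq '$script:MfaAppId'"
    if ($null -eq $sp) { throw "Azure MFA service principal $script:MfaAppId not found in this tenant." }

    $newCert = $null
    if ($NewCertBase64) {
        $newCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            [Convert]::FromBase64String($NewCertBase64))
    }
    $nowUtc = (Get-Date).ToUniversalTime()
    $report = [ordered]@{ MatchesNewCert = $false; ExpiringSoon = @(); Credentials = @() }

    foreach ($kc in $sp.KeyCredentials) {
        $report.Credentials += $kc
        if ($null -eq $kc.EndDateTime) { continue }
        $endUtc = $kc.EndDateTime.ToUniversalTime()
        if ($endUtc -lt $nowUtc.AddDays($WarnDays)) { $report.ExpiringSoon += $kc }
        # Graph does not return the key bytes, so match on the expiry date (tolerance absorbs time-zone kinds);
        # the previous certificate is at least a year older, so this cannot confuse the two.
        if ($newCert -and [math]::Abs(($endUtc - $newCert.NotAfter.ToUniversalTime()).TotalHours) -lt 25) {
            $report.MatchesNewCert = $true
        }
    }

    $report.Credentials | Select-Object KeyId, DisplayName, StartDateTime, EndDateTime, Type, Usage | Format-Table
    foreach ($kc in $report.ExpiringSoon) {
        Write-Warning "Credential $($kc.KeyId) expires $($kc.EndDateTime); remove it once the new certificate is in use."
    }
    if ($newCert -and -not $report.MatchesNewCert) {
        Write-Warning "No credential on the service principal matches the new certificate ($($newCert.Thumbprint)); do not restart AD FS yet."
    }
    return $report
}
```

Run Invoke-PreRenewChecks first; it only inspects and prints the generation command, so it is safe to run on both servers as a pre-flight. After the certificate has been added to the service principal, Test-MfaServicePrincipalCredentials should show MatchesNewCert as $true before the AD FS service is restarted; if it is $false, the update did not land and restarting would leave AD FS signing with a certificate Azure MFA does not know about.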