Now contact the IT-ServiceDesk by email to servicedesk@itc.rwth-aachen.de and inform the IT Center about the pending change of certificates.
After 2-3 days, you can change the order in the /etc/shibboleth/shibboleth2.xml file. Restart the Shibboleth service:
systemctl restart shibd
After a further 2-3 days, you can completely remove the old certificate. After doing this, you will need to restart Shibboleth again. Optionally, you can now send an additional email to servicedesk@itc.rwth-aachen.de to inform the IT Center that the change of certificates has been completed.