I have ran into same issue on AKS cluster and dapr was installed as a Microsoft extension. But the steps are pretty much the same.
If you want to achieve zero downtime you need to bring your own certificates generated with OpenSSL for example. The guide to do it is here. Another fast option is just to renew the certificate with this command:
dapr mtls renew-certificate -k --valid-until {days} --restart
Where {days} can be a couple of years if don't want to renew it every year, which is the default behavior if you don't specify --valid-unitil.
Then you need to restart all deployments that are using dapr sidecar container.
kubectl rollout restart deployment -n {namespace}