I finally found a solution, after months of research with trial and error (mostly error). This solution is written in PHP using cURL.
Step #1 Generate a token:
$param = 'username=admin_user&password=admin_pass&client=ip&ip=10.10.10.15&f=json';
$url = 'https://domain.com:6443/arcgis/admin/generateToken';
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $param);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
$result = curl_exec($ch);
curl_close($ch);
$obj = json_decode($result);
$token = $obj->token;
The IP address listed in the $param line is the IP address where the request originates from. Once you have the token you can use it to install the new certificate with another cURL call:
Step #2 Install Certificate
$pfx = <curl_file_create('/folder/to/your/cert.pfx');
$params = array('token' => $token,'certPassword' => '<cert password>',
'alias' => '<unique name>, 'certFile' => $pfx,'f' => 'json');
$url = 'https:/domain.com:6443/arcgis/admin/machines/MACHINE NAME/
sslcertificates/importExistingServerCertificate';
$ch = curl_init();
curl_setopt<($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, Array("multipart/form-data"));
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $params);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
$res = curl_exec($ch);
curl_close($ch);
Replace <cert password> with the password for the PFX certificate and <unique name> with something other than what was previously installed - it's an alias name for the new certificate so you can easily tell which certificate in the cert store you want to assign to the machine.
Of course, you will still have to make other API calls to assign the newly installed certificate into the machine and perhaps some other clean up tasks like deleting the old cert, but this worked for me! I hope someone will find it useful.