Really Dumb Question - How do i Renew My Certificate

So i Know this is a really dumb question, however i feel i must anyways, my problem is i have an Microsoft exchange sever with our emails (mikrolink.com) and recently we have began to get certificate issues which for the most part we can tell outlook yes and thats that until we open outlook again the the message comes back, so i logged onto the server to renew the certificate and see that it was originally issues by Lets Encrypt, so my question is how can i renew this certificate, what is the commands to run to get the certificate, im not the most tech savy when it comes to hosting and such, now the reason for this stupid question and why im so stupid with all this is, the guy to took care of all this recently left and failed to share his knowledge or leave any inkling of what he set up or have done previously so im kind of flying blind trying to solve issues that well frankly are not in my field of expertise, now with that said, until further notice i am the ONLY one who will be taking care of this stuff moving forward, i was able to log onto the server and through the IIS Manager i was able to create a certificate request, which seems to generate a file for me to submit, or content to submit, but i have yet to figure how or where to submit that file/content, i have looked and do not see any client software like certbot or anything on the server, so im not entirely sure how the certificate was obtained originally.

Any and all help with my really dumb question is greatly appreciated,

Thanks

My domain is: mikrolink.com

I ran this command: N/A

It produced this output: N/A

My web server is (include version): N/A

The operating system my web server runs on is (include version): Windows Server 2012

My hosting provider, if applicable, is: Exchange

I can login to a root shell on my machine (yes or no, or I don't know): N/A

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

Try to find out if you have either of these on your server:

• GitHub - rmbolger/Posh-ACME: PowerShell module and ACME client to create certificates from Let's Encrypt (or other ACME CA)
• https://www.win-acme.com/
• https://certifytheweb.com/

there doesnt seem to be any of those on the server at all

Just adding to what 9peppe suggested. You can see your cert history here. Your have a current cert for a robincloud domain that looks to be auto-renewing and does not expire until Jun29.

A Let's Encrypt cert for mail.mikrolink.com expired over 2 years ago. So it would be helpful to know which domain name you are seeing as expired.

robin (robincloud.mikrolink.com) is the individual who has since left and did not give any ideas to how he has set this all, we contacted him and his response was simply to log onto the server and "renew" the certificate and that it should be instant, however thats all the info he gave and nothing else

Yeah, as I said, the robincloud cert seems to be fine and auto-renewing on a 60 day schedule. Is that the one you are trying to understand?

That mail subdomain cert you show expired over 2 years ago. I am puzzled if that is the problem cert why you are just noticing it now.

so as i mentioned Robin is no longer here, i handled the Physical side of things and handled the software side of things, he decided to leave without notice, and did not leave any documentation or info regarding our mail servers, this issue came up right after he left where my boss added robin's email to his own outlook so he can see any and all emails that robin was getting, upon doing so right away he starting gettings a trust certificate issue message pop up in outlook, we tried creating an all new profile and not adding robins email but now my boss constantly gets this message pop up regarding the certificate expired each time he opens outlook, and that's when we got in touch with robin to ask about it and gave us the very vague (lack of info) response to just renew on the server and it will be instant now with that said, the robincloud.mikrolink.com.....even i dont see that on my end in the IIS manager

This is all i see in IIS manager, so perhaps im looking in the wrong place, again im sorry for my lack of knowledge, im not a software/webhosting kind of tech i usually take care of physical hardware

Did you look at your cert history I showed? Because what you describe seems more like an Outlook config problem rather than one with certs. I can't believe the mail.mikrolink.com cert that expired 2 years ago was being used even before Robin left

The robincloud.mikrolink.com cert does not expire until end of June. It looks to be auto-renewing but you need to find where. I don't think that's related to the Outlook problem you describe but something additional to sort after.

I don't know enough about IIS Manager to help further. Maybe try posting in an Outlook forum or perhaps a Windows expert that volunteers here might help.

this what we are now getting which is why we assumed certificate error, and also when asking robin he said to just renew the certificate rather than outlook issue

Yeah, that cert expired over 2 years ago! That can't be a new problem. Are you sure you are connecting to your current mail server?

I think you are confusing your website domain and cert with your mail server. The robincloud domain cert is fine which you can check with this website.

For Let's Encrypt (on Windows) you don't use the built in Certificate Request (CSR) features of windows such as in IIS etc, instead whichever tool you use will generate the CSR automatically and submit it to Let's Encrypt to finalize your certificate.

At a guess I'd say you used win-acme or Certify The Web, so have a look under C:\ProgramData (normally a hidden folder) and see if you have either a win-acme folder or certify folder, that will be your clue. win-acme doesn't install to a standard location under program files so it could be under some other custom folder like C:\win-acme or C:\tools etc - there are a few other ways it could have been done (even created on a different machine then deployed manually).

For exchange you can use the exchange administration console UI on the exchange server to re-configure the certificate, it can also be scripted via Powershell (Certify The Web has a basic Exchange deployment task you can add but your mileage may vary). win-acme also has a script they recommend for exchange. If you are into PowerShell there will also be Posh-ACME scripts to do the same.

If in doubt I'd recommend getting an experienced administrator to help with this problem and get you setup with an automated certificate renewal so you don't have the problem again. I'd also recommend taking the chance to migrate to a newer version of Windows Server if you intend to stay with self-hosted exchange (if it's a hassle then I'd suggested migrating to Microsoft 365 cloud hosted exchange etc).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.