Exchange 2013/2016 Cumulative Updates failing to Apply with Let's Encrypt Cert



  • Just wanted to let anyone using Exchange 2013/2016 and Let's Encrypt know about the following issue when applying the Cumulative Updates for Exchange. You might get this message on Step 16 out of 18 or 9 of 11 of the installer:

    Mailbox role: Transport service FAILED
    The following error was generated when “$error.Clear();
    Install-ExchangeCertificate -services IIS -DomainController $RoleDomainController
    if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
    {
    Install-AuthCertificate -DomainController $RoleDomainController
    }
    ” was run: “System.Security.Cryptography.CryptographicException: The certificate is expired.
    at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
    at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
    at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
    at Microsoft.Exchange.Configuration.Tasks.Task.b__b()
    at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)”.
    

    So to address the issue, follow either of the following guides:

    https://practical365.com/exchange-server/expired-certificates-cause-exchange-cumulative-updates-fail/
    or
    https://www.stephenwagner.com/2019/02/19/exchange-2016-cu12-install-upgrade-fails-using-lets-encrypt-ssl-cert/

    Reported issue here:
    https://github.com/PKISharp/win-acme/issues/1074
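
Because the setup step above fails with "The certificate is expired", a pre-flight check of certificate validity dates before starting a CU can surface the problem early. The following is an added example, not part of the original post or the linked guides; the function name `Get-CertExpiryStatus`, the 30-day warning window and the sample objects are assumptions made for illustration.

```powershell
# Added example: classify certificates by validity so expired ones are
# visible before the Exchange CU installer reaches its certificate step.
function Get-CertExpiryStatus {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Certificate,
        [int] $WarnDays = 30,              # assumption: warning window, tune as needed
        [datetime] $Now = (Get-Date)
    )
    process {
        # Anything with NotAfter in the past is expired; anything inside the
        # warning window may expire before the next maintenance window.
        if     ($Certificate.NotAfter -lt $Now)                    { $status = 'Expired' }
        elseif ($Certificate.NotAfter -lt $Now.AddDays($WarnDays)) { $status = 'ExpiringSoon' }
        else                                                       { $status = 'Valid' }

        [pscustomobject]@{
            Status     = $status
            NotAfter   = $Certificate.NotAfter
            Thumbprint = $Certificate.Thumbprint
            Subject    = $Certificate.Subject
        }
    }
}

# Constructed sample objects (not real certificates) so the logic runs offline.
$now = [datetime]'2019-03-01'
$sample = @(
    [pscustomobject]@{ Subject = 'CN=mail.example.test'; Thumbprint = 'CONSTRUCTED-0001'; NotAfter = [datetime]'2018-12-15' }
    [pscustomobject]@{ Subject = 'CN=mail.example.test'; Thumbprint = 'CONSTRUCTED-0002'; NotAfter = [datetime]'2019-03-20' }
    [pscustomobject]@{ Subject = 'CN=mail.example.test'; Thumbprint = 'CONSTRUCTED-0003'; NotAfter = [datetime]'2019-05-30' }
)
$sample | Get-CertExpiryStatus -Now $now | Sort-Object NotAfter | Format-Table -AutoSize

# On the Exchange server, from an elevated PowerShell session, run the same
# check against the local machine's personal certificate store:
# Get-ChildItem Cert:\LocalMachine\My | Get-CertExpiryStatus | Where-Object Status -ne 'Valid'
```

In the Exchange Management Shell the same function accepts the output of `Get-ExchangeCertificate`, whose objects also carry `NotAfter`, `Thumbprint` and `Subject`.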