Exchange 2013/2016 Cumulative Updates failing to Apply with Let's Encrypt Cert

  • Just wanted to let anyone using Exchange 2013/2016 and Let's Encrypt the following issue when applying the CUmulative Updates for Exchange. You might get this message on Step 16 out of 18 or 9 of 11 of the installer

    Mailbox role: Transport service FAILED
    The following error was generated when “$error.Clear();
    Install-ExchangeCertificate -services IIS -DomainController $RoleDomainController
    if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
    Install-AuthCertificate -DomainController $RoleDomainController
    ” was run: “System.Security.Cryptography.CryptographicException: The certificate is expired.
    at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception
    , ErrorCategory errorCategory, Object target, String helpUrl)
    at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception
    , ErrorCategory category, Object target)
    at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCert
    at Microsoft.Exchange.Configuration.Tasks.Task.b__b()
    at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String fun
    cName, Action func, Boolean terminatePipelineIfFailed)”.

    So to address the issue, do either of the following guides:

    Reported issue here: