Exchange 2013/2016 Cumulative Updates failing to Apply with Let's Encrypt Cert
Just wanted to let anyone using Exchange 2013/2016 and Let's Encrypt know about the following issue when applying the Cumulative Updates for Exchange. You might get this message on Step 16 out of 18 or 9 of 11 of the installer:
Mailbox role: Transport service FAILED
The following error was generated when “$error.Clear(); Install-ExchangeCertificate -services IIS -DomainController $RoleDomainController if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true) { Install-AuthCertificate -DomainController $RoleDomainController } ” was run: “System.Security.Cryptography.CryptographicException: The certificate is expired.
   at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
   at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)”.
So to address the issue, follow either of these guides:
https://practical365.com/exchange-server/expired-certificates-cause-exchange-cumulative-updates-fail/
or
https://www.stephenwagner.com/2019/02/19/exchange-2016-cu12-install-upgrade-fails-using-lets-encrypt-ssl-cert/
Reported issue here:
https://github.com/PKISharp/win-acme/issues/1074