Although Exchange 2016 and 2019 are now out of support, some customers have purchased the Exchange 2016 and 2019 Extended Security Update (ESU). We have therefore decided that until the end of this E...
Published Nov 11, 2025
Version 1.0
Blog Post
Just a quick question related to public certificates and Exchange on-prem. As you know, the certificate life-time for public certificates will be shortened from 1 year to 47 days, so we have to automate the certificate renewals. While there are solutions like "simple-acme" and "CertifyTheWeb" and they work very well on single instances of Exchange servers, I have yet to find a solution if you have 2 or more DAGs behind a load balancer. There you have to ensure the load balancer and all the Exchange DAGs have the same certificates.
I guess you could write a script to copy PFX files around and import certificates, but this is a bit messy if everyone has to write there own scripts and do password handling for the PFX files etc.
Is there a plan to have something official from Microsoft built-in into Exchange to make this simpler?
Sorry to abuse this thread, but didn't find any other area where I could ask this.