we are getting some problem from one of the external domain not getting through. there is a NDR to the sender '550 5.4.317 Message expired, cannot connect to remote server(CertificateExpired)'
I also run some test using checktls and it also report
[001.696] Connection converted to SSL SSLVersion in use: TLSv1_3 Cipher in use: TLS_AES_256_GCM_SHA384 Perfect Forward Secrecy: yes Session Algorithm in use: Curve P-256 DHE(256 bits) Certificate #1 of 3 (sent by MX): EXPIRED Cert VALIDATION ERROR(S): certificate has expired So email is encrypted but the recipient domain is not verified ssl : scheme=smtp cert=94220930177 : identity=mail.domain.com cn=*.domain.com alt=2 *.domain2 domain.com Cert Hostname VERIFIED (mail.domain.com = *.domain.com | DNS:*.domain.com | DNS:domain.com) cert not revoked by OCSP Data: Version: 3 (0x2) Serial Number: 0e:cd:b7:0b:82:c2:46:0b::5c:0b:b4:29:5f:e2 Validity: Not Before: Oct 26 00:00:00 2021 GMT Not After: Nov 26 23:59:59 2022 GMT
I have check all exchange server and mail security gateway, all using new ssl certificate.