Hi all, 

we are getting some problem from one of the external domain not getting through. there is a NDR to the sender '550 5.4.317 Message expired, cannot connect to remote server(CertificateExpired)'

I also run some test using checktls and it also report 

[001.696] Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Session Algorithm in use: Curve P-256 DHE(256 bits)
Certificate #1 of 3 (sent by MX): EXPIRED
Cert VALIDATION ERROR(S): certificate has expired
So email is encrypted but the recipient domain is not verified
ssl : scheme=smtp cert=94220930177
: identity=mail.domain.com cn=*.domain.com alt=2 *.domain2 domain.com
Cert Hostname VERIFIED (mail.domain.com = *.domain.com | DNS:*.domain.com | DNS:domain.com)
cert not revoked by OCSP
Data:
Version: 3 (0x2)
Serial Number: 0e:cd:b7:0b:82:c2:46:0b::5c:0b:b4:29:5f:e2
Validity:
Not Before: Oct 26 00:00:00 2021 GMT
Not After: Nov 26 23:59:59 2022 GMT

I have check all exchange server and mail security gateway, all using new ssl certificate.

can anyone shed some light on this matter. 

Thank you all