MichaelHuber
Copper Contributor
Aug 31, 2023

First time wildcard cert update for Exchange 2016 hybrid environment

I will be renewing the wildcard cert for our Exchange 2016 environment next week and wanted to ask for some guidance as this is the first time that I'm doing this. We have 4 clustered Exchange servers that sit behind a load balanced VIP that are running in hybrid mode with 99% of our mailboxes homed in O365. I was able to import the new certs on each individual server and they're showing up as valid in the ECP.


I want to ensure that I'm not missing anything or performing the tasks in the wrong order when assigning these certs to Exchange services. Here is what I have planned so far:

  1. Run the Enable-ExchangeCertificate cmdlet and assign the new cert to the corresponding services (IIS and SMTP in this case).
  2. Set the receive and outbound O365 send connector to use the new cert.
  3. Use the IIS Manager to bind the new cert to the https service of the default web site.
  4. Refresh the IIS service and possibly the transport service.
  5. Observe the event viewer for any errors related to the new cert.

Are there any other things I need to consider when making this change? I have a couple of specific questions:

  • In the case of this not working, is it possible to re-bind the old cert to the IIS/send/receive connectors?  I’ve seen conflicting responses on the web and the old cert is valid for a few more days after my planned implementation.
  • Will the Enable-ExchangeCertificate also bind the cert to the transport service?  I don’t see that service listed as an option and the event viewer is telling me that the STARTTLS cert and the transport cert have the same thumbprint so they seem to be the same.
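
The sequence described in the post (record the current state, enable the certificate for IIS and SMTP, point the send and receive connectors at it, recycle the services, verify), as an added Exchange Management Shell example. This is not the poster's script and not Microsoft's documentation; the server name, the placeholder thumbprint and the connector names are assumptions and must be replaced with the values from your own environment.

```powershell
# Added example (not from the original post): assign a renewed certificate to
# Exchange 2016 services and connectors, then check the result.
# Assumed values: server name, thumbprint placeholder, connector names.

$Server        = 'EX01'                                      # assumed; run once per server
$NewThumbprint = '1111111111111111111111111111111111111111'  # placeholder for the renewed cert

# 0. Record what is bound today so the previous state is known before anything changes.
Get-ExchangeCertificate -Server $Server |
    Select-Object Thumbprint, Subject, NotAfter, Status, Services |
    Format-Table -AutoSize
Get-SendConnector | Format-List Identity, TlsCertificateName
Get-ReceiveConnector -Server $Server | Format-List Identity, TlsCertificateName

# 1. Sanity-check the renewed certificate before enabling it.
$new = Get-ExchangeCertificate -Server $Server -Thumbprint $NewThumbprint
if ($new.Status -ne 'Valid' -or -not $new.HasPrivateKey) {
    throw "Certificate $NewThumbprint is not valid or has no private key on $Server"
}
if ($new.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate $NewThumbprint expires on $($new.NotAfter)"
}

# 2. Assign the certificate to IIS and SMTP. -Force suppresses the prompt about
#    replacing the default SMTP certificate; omit it to answer that prompt by hand.
Enable-ExchangeCertificate -Server $Server -Thumbprint $NewThumbprint -Services IIS,SMTP -Force

# 3. Point the connectors at the certificate. Connectors reference a certificate by
#    issuer and subject (the TlsCertificateName format), not by thumbprint.
$tlsName = "<I>$($new.Issuer)<S>$($new.Subject)"

# Assumed connector names; take the real ones from the step-0 output.
Set-SendConnector    -Identity 'Outbound to Office 365'           -TlsCertificateName $tlsName
Set-ReceiveConnector -Identity "$Server\Default Frontend $Server" -TlsCertificateName $tlsName

# 4. Recycle the services that cache the binding.
Restart-Service MSExchangeTransport
iisreset /noforce

# 5. Confirm the new thumbprint carries the services and the connectors reference it.
Get-ExchangeCertificate -Server $Server -Thumbprint $NewThumbprint |
    Format-List Thumbprint, Services, NotAfter
Get-SendConnector | Format-List Identity, TlsCertificateName
Get-ReceiveConnector -Server $Server | Format-List Identity, TlsCertificateName
```

Running step 0 first and keeping its output gives a reference to compare against after step 5, and the check in step 1 stops the run before any binding changes if the imported certificate is not usable on that server.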