I have a working Exchange 2016 on premise. We have an SSL certificate which expires soon, so I want to replace it. I purchased a new certificate and installed it on the server using mmc. When I go to the Exchange admin center I can see it under Servers -> Certificates.
I enable the certificate using the Exchange admin center or PowerShell:
Enable-ExchangeCertificate -Thumbprint <Thumbprint new certificate> -Service POP,IMAP,IIS,SMTP
Both of these methods work fine for IIS and when I open the OWA the new certificate is shown correctly.
However, when I remove the old certificate (either using the Exchange admin center, Remove-ExchangeCertificate or mmc), SMTP stops working immediately. If I run a test using a .NET application, it fails with the error:
Server does not support secure connections.
If I install the old certificate again using mmc, everything works fine immediately again.
My question is: how can I make the new certificate the only one used and remove the dependency on the old one, which will expire soon?
Edit: Found the solution from STUBB0 from https://community.spiceworks.com/topic/2205435-msexchangefrontendtransport-event-id-12014