ImportExchange script needs additional steps #2075
Comments
I don't know enough about Exchange to make any authoritative comments on those commands, I just know that there are many different versions and deployment scenarios, perhaps too many for one (example) script to rule them all. My advice would be to create your own copy of the example, modify it to your needs, and point your renewal to use that one. I'm happy to accept a PR for an improved example but I'd only trust it if it was tested on multiple versions of Exchange.
We have the same with Exchange 2016 and 2019. I will try the mentioned commands and see if they help. Unfortunately I don't have time in the next two weeks for testing but I hope these commands will solve this problem.
Did you set up these certificates via the command line or the interactive menu? I used the command line text as noted in the example on Exchange 2019 and it's been working without any issues. I've got 10 renewals that have worked great, the certificate updated and applied to the appropriate services, and the old one removed.
@Legacy777 I have done it using the command line.
@mauriciocirelli, sorry I didn't pay attention to the date on this.
Please note that
applies to the Exchange Server Auth Certificate only. The Certificate issued with win-acme is only for front end connectivity.
I'm just about to try this on an MSX 2010 box and will report back what happens. Probably on Monday/Tuesday 15th 16th.
OK, I tried this on an MSX 2010 box, using the 'v1' ImportExchange.ps1 script, and it seems to be working fine. The sample script looks like this: I changed the --host names to match what I needed, and set the 'clean up old certs' flag from '1' to '0', so IIS,SMTP,IMAP' 1 becomes IIS,SMTP,IMAP' 0. The first time I ran it the logs showed warnings for the IIS bindings: And indeed this was true. So I ended up with 4 more bindings, one for each --host value, as well as the 2 default ones. This still seems to work fine, OWA works and SMTP is using the correct cert. The second time I ran the script I got no warnings or errors - so I can confirm it works fine with MSX 2010 - out of the box. Great stuff.
Dear,
I have been using win-acme to renew Microsoft Exchange 2013 certificates for my organization for several months so far.
Every time a certificate is renewed, I get certificate warnings on OWA.
In order to fix it, I have found that I had to run the following commands in Exchange Management Shell:
Set-AuthConfig -NewCertificateThumbprint {{THUMBPRINT}} -NewCertificateEffectiveDate (Get-Date)
Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate
Doing so and restarting Microsoft Exchange Service Host and WebAppPools (OWA and ECP) fixes the issue.
It seems that the script is installing the certificate but it is not publishing it.
Any thoughts would be much appreciated.
Thank you.
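A read-only check related to the commands in this issue, added here as an example (it is not part of the original post or of win-acme's scripts): it lists the certificates that `Get-AuthConfig` references next to the certificate win-acme installed, so you can see whether the auth configuration points at a missing or expired certificate and whether the new certificate is enabled for IIS. It assumes the Exchange Management Shell; the `$NewThumbprint` parameter name is an assumption.

```powershell
# Added example, read-only. Run in the Exchange Management Shell.
param(
    # Thumbprint of the certificate win-acme installed (parameter name is an assumption).
    [Parameter(Mandatory = $true)] [string] $NewThumbprint
)

# Normalize pasted thumbprints (spaces, hidden characters, lower case).
$new = ($NewThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($new.Length -ne 40) { throw "Expected a 40-hex-character thumbprint." }

$auth  = Get-AuthConfig
$roles = [ordered]@{
    'Auth current'  = $auth.CurrentCertificateThumbprint
    'Auth previous' = $auth.PreviousCertificateThumbprint
    'Auth next'     = $auth.NextCertificateThumbprint
    'win-acme'      = $new
}

$now = Get-Date
$report = foreach ($role in $roles.Keys) {
    $tp = $roles[$role]
    if ([string]::IsNullOrEmpty($tp)) { continue }
    $cert = Get-ExchangeCertificate -Thumbprint $tp -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Role       = $role
        Thumbprint = $tp
        InStore    = [bool]$cert
        Services   = if ($cert) { "$($cert.Services)" } else { '' }
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        Expired    = if ($cert) { $cert.NotAfter -lt $now } else { $null }
    }
}
$report | Format-Table -AutoSize

# Findings that match the symptoms discussed in this issue.
$current = $report | Where-Object Role -eq 'Auth current'
$acme    = $report | Where-Object Role -eq 'win-acme'
if (-not $current) { Write-Warning 'No current auth certificate is configured.' }
elseif (-not $current.InStore) { Write-Warning 'Auth config points at a certificate that is not in the store.' }
elseif ($current.Expired) { Write-Warning 'The current auth certificate has expired.' }
if (-not $acme.InStore) { Write-Warning 'The win-acme certificate is not in the Exchange certificate store.' }
elseif ($acme.Services -notmatch 'IIS') { Write-Warning 'The win-acme certificate is not enabled for IIS.' }
```

The script changes nothing; it only reports, so it can be run before and after a renewal to compare the two states.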