Check Let’s Encrypt certificate status

How to check Let’s Encrypt certificate status? Let’s Encrypt is a great way to secure the Exchange Server. Our previous article explained how to install FREE Let’s Encrypt certificate in Exchange Server. Now that we requested a certificate from Let’s Encrypt on the Exchange Server, we would like to verify Let’s Encrypt certificate status and if it’s installed correctly. In this article, you will learn how to check Let’s Encrypt certificate status.

Table of contents

Check Let’s Encrypt certificate status

It’s important to check the certificate after installing or updating the certificate on the Exchange Server. There are many ways to verify the new certificate in Exchange Server. I recommend checking the certificate in a couple of ways. Before we start, let’s see if the Let’s Encrypt scheduled task is configured.

Check Let’s Encrypt scheduled task

Let’s Encrypt issued certificate is only valid for 90 days. If you want to keep a valid certificate, you need to renew it. You can do it by following the install FREE let’s encrypt certificate in Exchange Server. I recommend making use of the scheduled task option in the Win-ACME client.

The scheduled task will check every day to renew the certificate. The Win-ACME client renews the certificate if it’s older than 55 days. Remember to enable the scheduled task option as described in the article Install FREE Let’s Encrypt certificate in Exchange Server.

Start the Task Scheduler and verify that Win-ACME Let’s Encrypt appears in the list of tasks.

Check Lets Encrypt certificate status in Exchange Server scheduled task

Check Let’s Encrypt certificate status in Exchange Admin Center

Sign in to Exchange Admin Center (EAC). Click servers in the feature pane and follow with certificates in the tabs. Click on the Let’s Encrypt certificate in the list view. You can find more information about the certificate in the details pane.

Do you want to get a list of certificates with PowerShell? Read the article Get Exchange certificate with PowerShell.

Check Lets Encrypt certificate status in Exchange Server EAC

Check Let’s Encrypt status in the browser

Start a browser, in my example Firefox and type in the OWA URL. We can see that there is no more warning showing on the padlock icon in the toolbar. Clicking the lock icon will show that we are securely connected to this site. Verified by: Let’s Encrypt. If you don’t see it, clear the browser cache.

Check Lets Encrypt certificate status in Exchange Server firefox certficiate securely connected

Start another browser. For example, Internet Explorer. Clicking the padlock icon in the toolbar will show that the connection to the server is encrypted.

Check Lets Encrypt certificate status in Exchange Server internet explorer certficiate connection encrypted

DigiCert certificate checker

We will verify the Let’s Encrypt certificate with the DigiCert SSL certificate checker.

Enter the OWA URL of the Exchange Server, in my example mail.exoip.com. When entered, press the button Check Server. Have a look at the Subject Alternative Names, the certificate expiration, and that the certificate is correctly installed.

Check Lets Encrypt certificate status in Exchange Server DigiCert

Microsoft Remote Connectivity Analyzer (MRCA)

Go to the Microsoft Remote Connectivity Analyzer page. Click Exchange Server in the feature pane and click Outlook Connectivity.

Exchange Server Outlook Connectivity

Fill in the credentials and click Perform Test.

Fill in user credentials for Outlook Connectivity

After testing, the result shows warnings.

Outlook connectivity test details

When looking into the warnings, it shows the following:

The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the “Update Root Certificates” feature isn’t enabled.

It’s a warning that impacts older machines or those that don’t allow root certificate updates. It means that machines that don’t have the latest root certificates might not trust your certificate. You can safely ignore the warning.

I hope it helped you to check Let’s Encrypt certificate in Exchange Server.

Conclusion

You learned how to check Let’s Encrypt certificate status in Exchange Server. Start a browser and go to the Exchange Server OWA URL. Check that the padlock icon is showing a secure connection. Use an external certificate checker to check the Exchange Server OWA URL. As of last, use Microsoft Remote Connectivity Analyzer (MRCA) to check the connection to the Exchange Server. Always verify after you do a configuration on a system. In this case, it was configuring Exchange Server for Let’s Encrypt.

Did you enjoy this article? You may also like Active Directory weak password checker. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

X TwitterLinkedIn

What Others Are Reading

This Post Has 3 Comments

  2. Really good instructions, very clear and it worked first time for me. That’s rare!

    Reply

  3. Ali,

    I’ve read a lot of how to stuff over the years, but it’s very rare, that someone knows what he does and is at the same time capable of language and takes the trouble to be so detailed that even the casual admin can do something with it. Your article series is good for the internet. Thanks for that.

    Stefano

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *