skip to Main Content

Check Let’s Encrypt certificate status

How to check Let’s Encrypt certificate status? Let’s Encrypt is a great way to secure the Exchange Server. In our previous article, we explained how to install FREE Let’s Encrypt certificate in Exchange Server. Now that we requested a certificate from Let’s Encrypt on the Exchange Server, we like to verify Let’s Encrypt certificate status and if it’s installed correctly. In this article, you will learn how to check Let’s Encrypt certificate status.

Check Let’s Encrypt certificate status

It’s important to check the certificate after installing or updating the certificate on the Exchange Server. There are many ways to verify the new certificate in Exchange Server. I recommend checking the certificate in a couple of ways. Before we start, let’s have a look if the Let’s Encrypt scheduled task is configured.

Check Let’s Encrypt scheduled task

Let’s Encrypt issued certificate is only valid for 90 days. If you want to keep a valid certificate, you need to renew it. You can do it by following the install FREE let’s encrypt certificate in Exchange Server. I recommend making use of the scheduled task option in the Win-ACME client. The scheduled task will check every day to renew the certificate. The Win-ACME client renews the certificate if it’s older than 55 days. Remember to enable the scheduled task option as described in the article Install FREE Let’s Encrypt certificate in Exchange Server.

Start the Task Scheduler and verify that Win-ACME Let’s Encrypt is configured.

Check Lets Encrypt certificate status in Exchange Server scheduled task

Check Let’s Encrypt certificate status in Exchange Admin Center

Log in to the Exchange Admin Center (EAC). Click servers in the feature pane and follow with certificates in the tabs. Click on the Let’s Encrypt certificate in the list view. More information about the certificate can be found in the details pane.

Do you want to get a list of certificates with PowerShell? Read the article Get Exchange certificate with PowerShell.

Check Lets Encrypt certificate status in Exchange Server EAC

Check Let’s Encrypt status in the browser

Start a browser, in my example Firefox and type in the OWA URL. We can see that there is no more warning showing on the padlock icon in the toolbar. Clicking the lock icon will show that we are securely connected to this site. Verified by: Let’s Encrypt. If you don’t see it, clear the browser cache.

Check Lets Encrypt certificate status in Exchange Server firefox certficiate securely connected

Start another browser. For example, Internet Explorer. Clicking the padlock icon in the toolbar will show that the connection to the server is encrypted.

Check Lets Encrypt certificate status in Exchange Server internet explorer certficiate connection encrypted

DigiCert certificate checker

We are going to verify the Let’s Encrypt certificate with the DigiCert SSL certificate checker.

Enter the OWA URL of the Exchange Server, in my example mail.exoip.com. When entered, press the button Check Server. Have a look at the Subject Alternative Names, the certificate expiration, and that the certificate is correctly installed.

Check Lets Encrypt certificate status in Exchange Server DigiCert

Microsoft Remote Connectivity Analyzer (MRCA)

Go to the Microsoft Remote Connectivity Analyzer page. Click Exchange Server in the feature pane and click Outlook Connectivity.

Check Lets Encrypt certificate status in Exchange Server Outlook Connectivity

Fill in the credentials and click Perform Test.

Check Let's Encrypt certificate status in Exchange Server Outlook Connectivity credentials

After testing, the result is showing warnings.

Check Let's Encrypt certificate status in Exchange Server Outlook Connectivity results

When looking into the warnings, it’s showing the following:

The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the “Update Root Certificates” feature isn’t enabled.

It’s a warning that impacts older machines or those that don’t allow root certificate updates. It means that machines that don’t have the latest root certificates might not trust your certificate. You can safely ignore the warning.

I hope that it helped you to check Let’s Encrypt certificate in Exchange Server.

Conclusion

In this article, you learned how to check Let’s Encrypt certificate status in Exchange Server. Start a browser and go to the Exchange Server OWA URL. Check that the padlock icon is showing a secure connection. Use an external certificate checker to check the Exchange Server OWA URL. As of last, use Microsoft Remote Connectivity Analyzer (MRCA) to check the connection to the Exchange Server. Always verify after you do a configuration on a system. In this case, it was configuring Exchange Server for Let’s Encrypt.

If you enjoyed this article, you may also like Active Directory weak password checker. Don’t forget to follow us.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect and IT Consultant. His specialism is designing and building complex enterprise environments. He started Information Technology at a very young age, and his goal is to teach and inspire others. Connect with ALI TAJRAN on social media. Read more »

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top