In a previous article, we installed Let's Encrypt in Exchange Server. Everything is working great…
How to check Let’s Encrypt certificate status? Let’s Encrypt is a great way to secure the Exchange Server. In our previous article, we explained how to install FREE Let’s Encrypt certificate in Exchange Server. Now that we requested a certificate from Let’s Encrypt on the Exchange Server, we like to verify Let’s Encrypt certificate status and if it’s installed correctly. In this article, you will learn how to check Let’s Encrypt certificate status.
Table of contents
Check Let’s Encrypt certificate status
It’s important to check the certificate after installing or updating the certificate on the Exchange Server. There are many ways to verify the new certificate in Exchange Server. I recommend checking the certificate in a couple of ways. Before we start, let’s have a look if the Let’s Encrypt scheduled task is configured.
Check Let’s Encrypt scheduled task
Let’s Encrypt issued certificate is only valid for 90 days. If you want to keep a valid certificate, you need to renew it. You can do it by following the install FREE let’s encrypt certificate in Exchange Server. I recommend making use of the scheduled task option in the Win-ACME client. The scheduled task will check every day to renew the certificate. The Win-ACME client renews the certificate if it’s older than 55 days. Remember to enable the scheduled task option as described in the article Install FREE Let’s Encrypt certificate in Exchange Server.
Start the Task Scheduler and verify that Win-ACME Let’s Encrypt is configured.
Check Let’s Encrypt certificate status in Exchange Admin Center
Log in to the Exchange Admin Center (EAC). Click servers in the feature pane and follow with certificates in the tabs. Click on the Let’s Encrypt certificate in the list view. More information about the certificate can be found in the details pane.
Do you want to get a list of certificates with PowerShell? Read the article Get Exchange certificate with PowerShell.
Check Let’s Encrypt status in the browser
Start a browser, in my example Firefox and type in the OWA URL. We can see that there is no more warning showing on the padlock icon in the toolbar. Clicking the lock icon will show that we are securely connected to this site. Verified by: Let’s Encrypt. If you don’t see it, clear the browser cache.
Start another browser. For example, Internet Explorer. Clicking the padlock icon in the toolbar will show that the connection to the server is encrypted.
DigiCert certificate checker
We are going to verify the Let’s Encrypt certificate with the DigiCert SSL certificate checker.
Enter the OWA URL of the Exchange Server, in my example mail.exoip.com. When entered, press the button Check Server. Have a look at the Subject Alternative Names, the certificate expiration, and that the certificate is correctly installed.
Microsoft Remote Connectivity Analyzer (MRCA)
Go to the Microsoft Remote Connectivity Analyzer page. Click Exchange Server in the feature pane and click Outlook Connectivity.
Fill in the credentials and click Perform Test.
After testing, the result is showing warnings.
When looking into the warnings, it’s showing the following:
The Microsoft Connectivity Analyzer can only validate the certificate chain using the Root Certificate Update functionality from Windows Update. Your certificate may not be trusted on Windows if the “Update Root Certificates” feature isn’t enabled.
It’s a warning that impacts older machines or those that don’t allow root certificate updates. It means that machines that don’t have the latest root certificates might not trust your certificate. You can safely ignore the warning.
I hope that it helped you to check Let’s Encrypt certificate in Exchange Server.
In this article, you learned how to check Let’s Encrypt certificate status in Exchange Server. Start a browser and go to the Exchange Server OWA URL. Check that the padlock icon is showing a secure connection. Use an external certificate checker to check the Exchange Server OWA URL. As of last, use Microsoft Remote Connectivity Analyzer (MRCA) to check the connection to the Exchange Server. Always verify after you do a configuration on a system. In this case, it was configuring Exchange Server for Let’s Encrypt.
If you enjoyed this article, you may also like Active Directory weak password checker. Don’t forget to follow us.