Sorry to hear this, that must be quite challenging.
So you are correct, you don’t need to generate certs on the same machine that will use them, it’s just more convenient because you can run deployment scripts on the same machine automatically when the cert renews. SBS 2008 is too old for any current version of Certify so you are going to need to get your certs on another machine and copy them across then install them.
To circumvent the app closing on update check you’d need to temporarily block update checks on startup, so edit the file C:\ProgramData\Certify\appsettings.json and set
"CheckForUpdatesAtStartup": true to
Have a look under Add/remove programs to find out the currently installed version number of Certify then drop an email with the details to
support at certifytheweb.com and I’ll try to help from there. I suspect you probably have version 3.x because it sounds like you are hitting the mandatory upgrade which we only use if your version is so unsupported that it’s just not going to work any more (Let’s Encrypt have changed their API multiple times over the years).
We need to figure out if your old renewals used any scripts, if so it’s important to find those and grab a copy as this could be useful to automate future cert updates.
In the meantime, you can use a different machine to get a certificate for the names you need (I believe for Exchange your cert will usually include
autodiscover.yourdomain.com then whatever names the mail services have, like
You will need to use DNS validation ( the Authorization tab) because http validation only works from the same machine operating those services. If we don’t have support for your DNS provider API check out Certify DNS (https://docs.certifytheweb.com/docs/dns/providers/certifydns). If you need help with that or have other questions please ask in your support ticket email.
Once you have a cert generated on a different machine you can copy the PFX file using a script or Task (the Certificate Export task will give you a PFX in the destination of your choice), or manually via Certificate > Advanced > Actions (copy the path). You will then need to import the certificate into the certificate store of the target machine, then run whatever Exchange Admin UI you have to assign the certificate to all the services.