I need to use Certify the Web to deploy an SSL cert to an on prem Exchange Server. I am migrating to Office 365 and there was an error with the migration process stating our cert is invalid (all the certs are self-signed). Should I let Certify the Web deploy a LetsEncrypt SSL for the following services: IMAP, SMTP, IIS, and POP? And will this cause disruptions with current users accessing their emails via outlook?
Sorry I’m not an Exchange administrator and don’t know what does or doesn’t cause disruption for users but I would suggest you use Certify to get a cert as a PFX file, then manually deploy it in Exchange as normal, possibly during your standard maintenance window, as it sounds like you will only need this temporarily.
Email clients are similar to web browsers in the way that they want the server they connect to have the name that the certificate states. If you had a self-signed certificate, then you already know what the server name would be. If you are able to get one for the same domain/sub-domain, then it should be fine? Unless you went around to everyone and set up exceptions.
I’m not Exchange expert either, but I have wrestled with other email servers/clients. I imagine that your self-signed certificate worked because of exceptions on all of the clients… or by self-signed, perhaps you meant AD issued?
If you can check one of your Outlook clients and see what server name they are connecting to and get a certificate for that exact name… I imagine there would not be a disruption.
Edit:
One last thing… email servers do not support SNI. What this means is that the email server cannot have multiple certificates for a given port/protocol. The one certificate you use must have all server name variations that the email clients might use to connect.