Remote into MAIL01


Open certlm.msc as an admin
Under Personal > Certificates, locate a cert with the name "mail.lcso.org". (There may be multiple entries; look for the one with the furthest expiration date.)


**IF all certificates in there are expired, come see Nick D. Something may be broken again.**


Open the Exchange Management Shell as an admin


Copy and paste the commands below into the shell.


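```powershell
# Newest matching certificate: sort by expiration date and keep only the first result.
# (Indexing with [0] on a single match would return one character, not the whole value.)
$cert = Get-ExchangeCertificate | Where-Object { $_.FriendlyName -like "mail.lcso.org*" } | Sort-Object NotAfter -Descending | Select-Object -First 1 -Property Thumbprint, NotAfter, Issuer, Subject

# Bind that certificate to the mail and web services
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services "IMAP,POP,SMTP,IIS"

# Point the outbound send connector at the same certificate
$thePlug = Get-SendConnector | Where-Object { $_.Identity -like "Outbound*" } | Select-Object Identity
$newTlsName = "<I>$($cert.Issuer)<S>$($cert.Subject)"
Set-SendConnector "$($thePlug.Identity)" -TlsCertificateName "$newTlsName"

# Pause briefly, then restart the transport service
Start-Sleep 5
Restart-Service MSExchangeTransport
```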


These commands find the matching certificate with the furthest expiration date and associate it with the server's functions.


If you receive errors from the above script, it can sometimes mean that the correct certificate is already in use.


You should be able to verify that mail is being delivered by opening Queue Viewer in the Exchange Toolbox, but this is not necessary. All of this just works. 16x the detail. 4x the size of Fallout 4.
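
A scripted version of that check, as an added example that is not part of the original runbook: it confirms that the newest certificate is bound to the four services, that the outbound send connector references it, and that no queue is stuck in Retry. The function name `Test-MailCertificate` and the 30-day warning threshold are assumptions; the "mail.lcso.org*" and "Outbound*" filters are the ones used in the commands above.

```powershell
# Added example (hypothetical helper); run in the Exchange Management Shell.
function Test-MailCertificate {
    param(
        [string]$FriendlyName    = "mail.lcso.org*",
        [string]$ConnectorFilter = "Outbound*",
        [int]$WarnDays           = 30   # assumed threshold
    )

    $cert = Get-ExchangeCertificate |
        Where-Object { $_.FriendlyName -like $FriendlyName } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        Write-Warning "No certificate matching $FriendlyName was found."
        return
    }

    # Expiry: the newest certificate should not be expired or close to it.
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    if ($daysLeft -lt $WarnDays) {
        Write-Warning "Newest certificate expires in $daysLeft day(s)."
    }

    # Services: cast to string so the check works in local and remote shells.
    foreach ($svc in "IMAP", "POP", "SMTP", "IIS") {
        if ("$($cert.Services)" -notmatch "\b$svc\b") {
            Write-Warning "$svc is not bound to thumbprint $($cert.Thumbprint)."
        }
    }

    # Send connector: TlsCertificateName must be "<I>issuer<S>subject" of this certificate.
    $expected = "<I>$($cert.Issuer)<S>$($cert.Subject)"
    Get-SendConnector | Where-Object { $_.Identity -like $ConnectorFilter } | ForEach-Object {
        if ("$($_.TlsCertificateName)" -ne $expected) {
            Write-Warning "Connector '$($_.Identity)' references: $($_.TlsCertificateName)"
        }
    }

    # Transport service state, then any queue left in Retry after the restart.
    Get-Service MSExchangeTransport | Format-Table Name, Status -AutoSize
    Get-Queue | Where-Object { $_.Status -eq "Retry" } |
        Format-Table Identity, MessageCount, LastError -AutoSize
}

Test-MailCertificate
```

No warnings and an empty Retry list mean the certificate swap took effect.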