Is it possible to change the expiry threshold for expiring certificates in Exchange? (Event 12018)

Question

We've recently switched to using LetsEncrypt for our Exchange certificates, which have a maximum validity of 90 days.

Unfortunately this means I'm being pestered with tickets generated by our monitoring system due to Event 12018 occurring.

Application log generated Error Event 12018 on <myserver>

Log: Application
Type: Error
Event: 12018
Agent Time: 2018-05-18 00:00:30Z
Source: MSExchangeTransport
Category: TransportService
Username: N/A
Computer: <myserver>.local
Description: The STARTTLS certificate will expire soon: subject: CN=Let''s Encrypt Authority X3, O=Let''s Encrypt, C=USCN=<mydomain>, thumbprint: <certthumbprint>, hours remaining: 2159. Run the New-ExchangeCertificate cmdlet to create a new certificate.

2159 hours is 89.95 days.

Is it possible to change this threshold to something like 336 hours (2 weeks)?

score 0 · Answer 1 · answered May 18 '18 at 01:58

0

Never heard there is a way can change this threshold, it is by design, gives you enough time to get your change control logged and have the cert issued by the upstream provider.

answered May 18 '18 at 01:58

Niko.Cheng

511
2
4

The certificate is only valid for 90 days at the time of issue, and gets renewed automatically every 30 days. – alt May 21 '18 at 04:01

Is it possible to change the expiry threshold for expiring certificates in Exchange? (Event 12018)

1 Answers1