Office 365 Hybrid not working after certificate renewal, throwing a TLS error
So yesterday I casually renewed our soon to expire SSL certificate on our on-premise exchange 2016 server. We have had no issues with this setup. I went through the normal process of renewing the certificate from the Exchange admin center, I get the CSR from the exchange server, upload it to Godaddy and re-key our existing certificate and download the new certificate on our exchange server and complete the renewal from the admin center. No errors and everything looks good. I assign all the services to the new certificate, reboot exchange and test the owa and it shows the new expiration date so I'm assuming all is well. That is until the next morning when I realize that no external emails have come in the on-premise server.
So I check and can send emails outside but nothing is coming in....
After doing a trace on office 365, all the emails coming externally and going to the on-premise exchange have a status of pending and the error is related to TLS. After trying to validate the connector from office 365 to the exchange server, we get this: 450 4.4.317 Cannot connect to remote server [Message=451 4.4.0 TLS negotiation failed with error SocketError]
After 2 hours on the phone with Microsoft we disabled TLS and everything is flowing in but the issue is that TLS is off and there is a problem with the connection. Microsoft thinks there is an issue with the new certificate.
Has anyone experienced this and found what the problem was? The certificate looks totally fine and everything seems to match. When I check online to validate it it return TLS 1.0 1.1 and 1.2 ok... So I'm at a loss.
Again, I just renewed the certificate to extend it's expiration date, nothing else was done or changed on the exchange server or on the office 365 configuration. Microsoft did everything they new )Run the HCW, setup TLS domain, confirm correct certificate is used....).