Hi @eg1995 , agree with the steps above.
In short, you will need to apply for a new certificate. The official document here introduces about Create an Exchange Server certificate request for a certification authority and Complete a pending Exchange Server certificate request
Then assign right services to this certificate like IIS, SMTP... Assign certificates to Exchange Server services
Re-run HCW to update the certificate
Use below command to check if the connector have matched the new certificate, if they not matching, you will meet issue like this link introduces: New SSL certificate causing mail flow to fail in hybrid deployments
Get-ExchangeCertificate -Thumbprint <Thumbprint> |fl
Get-ReceiveConnector "ConnectorName" |fl Name,TlsCertificateName
If everything is fine, test mail flow both inside and outside.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.