This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 17%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I can import the certificate, which shows up in the certificates mmc just fine. It has a golden key, and is valid. It claims that its signature algorithm is sha256RSA.
When I try it in the exchange management shell, it throws this error:
A special Rpc error occurs on server EMAIL: The certificate with thumbprint -OMITTED-
was found but is not valid for use with Exchange Server (reason: KeyAlgorithmUnsupported).
- CategoryInfo : NotSpecified: (:) [Enable-ExchangeCertificate], InvalidOperationException
- FullyQualifiedErrorId : [Server=EMAIL,RequestId=43511723-99f1-4f9c-9954-b2fe09c10172,TimeStamp=1/3/2023 8:52:00
PM] [FailureCategory=Cmdlet-InvalidOperationException] DAB82755,Microsoft.Exchange.Management.SystemConfigurationT
This is a certificate from LetsEncrypt, which I have been using successfully for years. Something must have changed. I can find nothing about this at all via Google.
Any ideas?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 94%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELM%3C/text%3E%3C/svg%3E)
Hi @Allen ,
Welcome to the Microsoft Q&A platform!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 80%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Hi @Allen ,
Just checking in to follow up with this thread. If you have any questions or need further help on this issue, please feel free to post back.
Hi @Allen,
Does this issue have any updates?
Have you ever tried to re-apply for a new letsencrypt certificate to install on the Exchange server to see if it can be installed successfully?
I found a detailed article on the steps to install such a certificate, hope it helps you: Install FREE Let's Encrypt certificate in Exchange Server - ALI TAJRAN
Note: Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information.
I look forward to hearing from you.
Hi,
It has been a few days and I am checking in to see how things are going on with this issue.Does this issue have any updates?
No, none of this works. I have tried getting another certificate issued, same exact problem. It installs into the certificate store on the Server, but does not show up in the Exchange Control Panel, and when I try to install it in Exchange using PowerShell, I get the error mentioned in my post.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 67%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
I have run into the exact same issue. Did you ever find a solution?