Hi @jeff mcnabney ,
So you are now using the cert1(3rd party SSL) in Exchange server 2016.
You can't remove the certificate that's being used. And the cert2 is unused right?
In that case you can remove the old one.
Here’s a document for you reference.
Remove-ExchangeCertificate (ExchangePowerShell) | Microsoft Learn
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.