I have started to get the below error a few days ago. I'm not shy, but I'm guessing something in a patch.
12014 MSEXCHANGE transport
Microsoft Exchange could not find a certificate that contains the domain name antispamsrv.widgets.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector default smtp with a FQDN parameter of antispamsrv.widgets.com. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Our layout is that we have an antispam server in front of the SBS server and exchange.
Currently the mx record points to that, I'm calling it antispamsrv.widgets.com. So there is in fact no cert with that name on it.
Can I do a self signed cert or do i need to get a commercial one? Do I just get one with the antispamsrv.widgets.com name in it?