webmail not working externally

dances1960 used Ask the Experts™
Exchange 2013 on server 2012

Webmail has been working fine for years until this week. Now internal webmail works without problem, but external webmail is giving an incorrect cert, and the cert that is incorrect is from a Vigor router/DrayTek.
We do use a DrayTek router in the office, just as a Wi-Fi point.
How can Exchange suddenly start to use a cert from the router, and how do I fix it please? The correct cert is still in place, is in date and hasn't been changed in any way.

FOX, Active Directory/Exchange Engineer
Top Expert 2015

Have you checked the settings on the firewall?
Rodney Barnhardt, Server Administrator

It may not see the router as a legit connection. For example, I have seen errors on both my OWA and Outlook Anywhere when my ISP is having a problem. I have also seen it at hotels where you register on their network for Internet access and it’s only valid for 24 hours. The error comes up until you reauthenticate. The following is provided by MS to test connections. You could try it and maybe get more answers.

MAS, EE Solution Guide - Technical Dept Head
Most Valuable Expert 2017

If it is working from inside it is an issue with firewall.
Please revert the changes you did if any.

David Favor, Fractional CTO
Distinguished Expert 2018

Start at the beginning. Either publish the URL you're connecting to so it can be checked, or check the URL yourself.

Use SSL Labs Tester to check Cert correctness, if same cert is used for a Website.

Then attempt connecting to your mail server using the openssl client.

This will tell you if external SSL cert + config are correct.

Your internal Webmail likely works, because your setup bypasses SSL for local connections... so if your SSL cert has expired or somehow your SSL config has become munged, this is the likely explanation.

Tip: Keep in mind some clients (browsers + mail) have recently banned the use of TLSv1.0 + TLSv1.1 only allowing support of TLSv1.2 + TLSv1.3 protocol versions.

If your client requires TLSv1.2 + TLSv1.3 + your mail server is advertising TLSv1.0 + TLSv1.1 then this may be the problem.

This is very common, as these new requirements have only started going into force July 2018, so very recent requirement change.

If all this makes your head spin, might be useful to hire someone to help you fix this.
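
The external check suggested in the answer above, as an added example that is not part of the original thread: it records which IP answered on port 443, the certificate that IP presented and the negotiated TLS version, then compares the certificate with the thumbprint of the certificate installed on the mail server. The host name `mail.example.com`, the documentation-range IP addresses and all function names are assumptions made for this example.

```python
import hashlib
import socket
import ssl

def thumbprint(der: bytes, like: str) -> str:
    """Hash a DER certificate with the algorithm implied by the reference
    thumbprint: 40 hex digits = SHA-1 (Windows thumbprint), 64 = SHA-256."""
    algo = {40: "sha1", 64: "sha256"}[len(like)]
    return hashlib.new(algo, der).hexdigest()

def normalise(fp: str) -> str:
    """Strip colons, spaces and case from a pasted thumbprint."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")

def fetch_presented_cert(host, port=443, timeout=10.0):
    """Return (peer_ip, der_cert, tls_version) for whatever answers on host:port.
    Verification is disabled on purpose: the goal is to inspect a wrong
    certificate, not to reject it. Never reuse this context to send data."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        peer_ip = raw.getpeername()[0]
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return peer_ip, tls.getpeercert(binary_form=True), tls.version()

def diagnose(peer_ip, der, expected_ip, expected_fp):
    """Classify the external endpoint against what the mail server should present."""
    want = normalise(expected_fp)
    if thumbprint(der, want) == want:
        return "ok: endpoint presents the expected certificate"
    if peer_ip != expected_ip:
        return "dns: name resolves to %s, not %s" % (peer_ip, expected_ip)
    return "path: %s answers with a different certificate" % peer_ip

if __name__ == "__main__":
    # Constructed stand-ins so the logic runs offline; for a live check use
    # ip, der, ver = fetch_presented_cert("mail.example.com")  # placeholder host
    exchange_der = b"constructed bytes standing in for the Exchange certificate"
    router_der = b"constructed bytes standing in for a router's certificate"
    good = hashlib.sha1(exchange_der).hexdigest().upper()
    print(diagnose("203.0.113.10", exchange_der, "203.0.113.10", good))
    print(diagnose("203.0.113.10", router_der, "203.0.113.10", good))
    print(diagnose("198.51.100.7", router_der, "203.0.113.10", good))
```

A "path" result means the expected public IP answered but something other than the mail server terminated TLS, which points at the port forward, the firewall, or the address itself being held by another device.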


Hi, thank you all for your help. It ended when I found out that the ISP had given someone else our static IP address in error. All is now working as normal.
Wish I had checked that first, embarrassing.
David Favor, Fractional CTO
Distinguished Expert 2018

Might be time to work with a new ISP.
Thank you all for the help
