I always have to forget change all internal and external Exchange links (autodiscovery, oof, oab, etc). Therefore I save set of commands in this article.
All changes will be sets in Exchange Management Shell.
At first step install correct certificate (buy it from vendor, or deploy with LetsEncrypt).
Apply certificate to IIS service:
Set-ExchangeCertificate -Thumbprint XXX -Services IISEnable Autodiscover url with external address:
Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalUri "https://external.domain.tld/Autodiscover/Autodiscover.xml"Set Outlook Anywhere with negotiate auth method and correct external url:
Get-OutlookAnywhere | Set-OutlookAnywhere -InternalHostname external.domain.tld -ExternalHostname external.domain.tld -InternalClientRequireSsl $true -ExternalClientRequireSsl $true -InternalClientAuthenticationMethod negotiate -ExternalClientAuthenticationMethod negotiateSet ActiveSync, OAB (Offline Address Book), mapi and other Exchange services (OOF) virtual directory external and internal url:
Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -InternalUrl "https://external.domain.tld/Microsoft-Server-ActiveSync" -ExternalUrl "https://external.domain.tld/Microsoft-Server-ActiveSync"
Get-OABVirtualDirectory | Set-OABVirtualDirectory -InternalUrl "https://external.domain.tld/OAB" -ExternalUrl "https://external.domain.tld/OAB"
Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl "https://external.domain.tld/ews/exchange.asmx" -ExternalUrl "https://external.domain.tld/ews/exchange.asmx"
Get-MapiVirtualDirectory | Set-MapiVirtualDirectory -InternalUrl "https://external.domain.tld/mapi" -ExternalUrl "https://external.domain.tld/mapi"At last step restart iis with command:
iisreset 