Security Alert The security certificate has expired or is not yet valid. since upgrading to Exchange 2007 sp3

Last night I upgraded a clients SBS 2008 server from sp1 ru10 to sp3 for Exchange 2007. The upgrade went through without errors & I edited the bindings as per http://support.microsoft.com/?kbid=982423 so that OWA again worked, but now the Outlook clients on the LAN are receiving the following.

Security Alert

The security certificate has expired or is not yet valid.

The name on the security certificate is invalid or does not match the name of the site.

I have run the "Fix my network" wizard but this only reissues the "remote.domain.com.au" certificate which stops OWA, so I then edit the bindings for "SBS Web Applications" & change the https ssl certificate back to "sites" (which is expired) in IIS as per http://support.microsoft.com/?kbid=982423.

I have also looked at http://telnet25.wordpress.com/2009/09/30/the-security-certificate-has-expired-or-is-not-yet-valid/ & I can see two "Invalid certificates", one of which is the "sites" certificate & the other is for remote.domainname.com.au

NotAfter           : 3/11/2011 10:56:37 PM
NotBefore          : 3/11/2009 10:56:37 PM
PublicKeySize      : 2048
RootCAType         : Registry
Services           : IMAP, POP, IIS, SMTP
Status             : DateInvalid
Subject            : CN=Sites

NotAfter           : 3/11/2011 11:49:39 PM
NotBefore          : 3/11/2009 11:49:39 PM
PublicKeySize      : 2048
RootCAType         : Registry
Services           : IMAP, POP, SMTP
Status             : DateInvalid
Subject            : CN=remote.domain.com.au

When I follow the article to Get-ExchangeCertificate -Thumbprint XXXXXXXXXXXXXXXXXXXXXXXXXX | New-ExchangeCertificate I receive this warning

This certificate will not be used for external TLS connections with a FQDN of server.domain.local because the CA-signed certificate with thumbprint YYYYYYYYYYYYYYYYYYYYYYYYYYYYYY takes precedence. The following connectors match that FQDN: Default Server.

Confirm

Overwrite existing default SMTP certificate, ZZZZZZZZZZZZZZZZZZZZZZZZZZZ, expires 11/10/2014 with certificate AAAAAAAAAAAAAAAA expires 11/10/2017.

I have selected No as I want to replace the certificate with thumprint X, not Z

How can I replace the certificates that have expired? I am assuming that they are causing the error within Outlook, although their expiry date is nearly 12 months old & there was no error prior to upgrading to Exchange sp3

Regards, Scott