3
SSL certificates - moving them from Certify to built in
Question asked by Heimir Eidskrem - 6/28/2024 at 8:14 AM
Unanswered
So we have a certificate with many domains (Certify The Web) and now I want to move those from that certificate to the built-in function in SmarterMail (nice function, by the way).

What's the best way of doing that with as little downtime as possible?
Just remove them from Certify and generate them in SmarterMail?
Seems to be the way, just want to make sure I'm not missing anything there.

9 Replies

0
Patrick Jeski Replied
I think you would have new certs quickly enough by enabling built in certificates and turning off Certify. Make sure the paths in Bindings -> Ports match the path that SmarterMail is going to use for the certificates.

I have SmarterMail Automatic Certificates (as a trial) on one server, and I use Certify on the other, and I would never consider switching from Certify to the SmarterMail Automatic Certificates. I am considering switching from SmarterMail on the other server to Certify. CTW just gives you so much more control and flexibility.
0
Heimir Eidskrem Replied
I have never done anything to the certificates in Certify besides setting them up.
What kind of control is it that you need/get with Certify that SM is missing?


0
Patrick Jeski Replied
You can have Certify export the certificate to a location, either locally or remotely (i.e. SFTP) as a .pfx with a specified password, to multiple places if needed (or most any format needed). Deployment tasks can be automatic or manual.
Outside of use for SmarterMail, you can have Certify bind certificates to specific service ports, such as DoT or DoH (in my application).
You can have Certify use a specific Let's Encrypt account with multiple Certify installs, which can be useful.
You have more control over the renewal frequency.
You can do DNS-01 Challenges to get wildcard certs.
You can specify that Certify use the same private key, or specify a private key, which can be useful for DANE applications.
Even if you let it generate a new private key every time, it's easily accessible if you need it.
You have much more control over the signing algorithm and options.

These are just the features I use, and I am by no means an advanced Certify user.

On the other hand, SmarterMail Certs are easier to set up and if they are set up right they just work.
0
YS Tech Replied
I'm having a nightmare with setting these certificates up.
If I place the .pfx file into the SM certificates folder and enter the password everything goes in fine.


I then go and have a look in the Certificates folder and it says invalid password and none of the details are there:

Now if I upload the pfx from the certificates area, all looks fine:


But when I try and use that in the bindings it says it's not a valid certificate!


What am I doing wrong?
Surely this should be easier than this?
0
Patrick Jeski Replied
Once I got settings -> SSL Certificates right, I had no problem with the bindings EXCEPT that my browser was autofilling the password and so I had to retype it in every binding I opened to change the path.
0
YS Tech Replied
How did you get the certificates right?
If I have a cert in the SSL Certificates area that says it's OK, I can't seem to bind it as it says it's not valid!
If I place the pfx in the certificate folder and then select it, then it fails in the certificates page but works with binding!
I'm a bit stuck at the minute.
1
Patrick Jeski Replied
It’s been a while but I think the fix was to have the path and password in Settings-> SSL certificates set before placing the certificates in the folder. Then when setting the bindings I only had the issue with password autofill to deal with. Wish I could be more help. 
0
Kyle Kerst Replied
Employee Post
Where are you seeing that the SSL certificate is invalid when you try to set the binding on it? Is that under Settings>Bindings you see it complaining about the PFX? If so, you may be encountering the password autofill issue Patrick noted. To confirm you can try logging on as a system administrator from a guest session in your browser (since it won't have any saved passwords) and see if it works properly from there. I hope that helps! :-)
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
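
An added example, not part of any reply in this thread and not SmarterTools or Certify code: a PowerShell check that opens a .pfx with the password you intend to enter, so a wrong password or a missing private key can be told apart from the browser autofill problem discussed above. The function name, file path and hostnames are hypothetical placeholders.

```powershell
# Added example: validate a .pfx and its password outside SmarterMail.
# Test-PfxForBinding is a hypothetical helper name, not a SmarterMail or Certify command.
function Test-PfxForBinding {
    param(
        [Parameter(Mandatory)] [string]       $Path,
        [Parameter(Mandatory)] [securestring] $Password,
        [string[]] $ExpectedHosts = @()
    )

    try {
        # The constructor throws when the password is wrong or the file is not valid PKCS#12.
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            (Resolve-Path $Path).Path, $Password)
    } catch {
        return [pscustomobject]@{
            Path  = $Path
            Opens = $false
            Error = $_.Exception.GetBaseException().Message
        }
    }

    # DnsNameList is the property PowerShell on Windows adds to certificate objects (SAN entries).
    $sans = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

    # A host is covered by an exact SAN or by a one-level wildcard (*.example.com).
    $missing = @($ExpectedHosts | Where-Object {
        $h = $_
        $wildcard = '*.' + ($h -split '\.', 2)[1]
        -not ($sans -contains $h -or $sans -contains $wildcard)
    })

    [pscustomobject]@{
        Path          = $Path
        Opens         = $true
        HasPrivateKey = $cert.HasPrivateKey   # must be True for a server binding
        Subject       = $cert.Subject
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        Expired       = (Get-Date) -gt $cert.NotAfter
        SanNames      = $sans
        MissingHosts  = $missing              # expected hostnames the certificate does not cover
    }
}

# Constructed usage: placeholder path and hostnames, not values from this thread.
$pw = Read-Host -Prompt 'PFX password' -AsSecureString
Test-PfxForBinding -Path 'C:\path\to\certificate.pfx' -Password $pw `
    -ExpectedHosts 'mail.example.com', 'webmail.example.org'
```

If `Opens` is True, `HasPrivateKey` is True and `MissingHosts` is empty, the file and password are sound and the remaining suspects are the configured path or a stale autofilled password in the binding form.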
0
Heimir Eidskrem Replied
No, it's not in that part.
It's not generating certain certificates.  The binding is there.
I did open a ticket today, Dylan logged in to the server but I have not heard back yet.

 
