At the end of last year, I went through the procedure outlined here http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html to renew the certificate.
I noticed after this that when attempting to log into OWA via the public address https://www.domain.com/exchange the login page appears fine, however when you type your credentials and click login, it displays a server error page with the error "403 forbidden access is denied" and "You do not have permission to view this directory or page using the credentials that you supplied."
Accessing from the internal address https://server/exchange allows login and works fine.
I notice that the certificate used from the external link is different from the one used through the internal one. The internal one is the new self-signed cert, and the external one is the web server ssl certificate which I don't believe it should be (the web server is completely separate from the exchange server). This may be a red herring.
Anyway, is there something I have missed that needs to be done for the OWA to use the new certificate? The site is published through ISA 2006, so that could be another factor I have not addressed as yet.