Hey Nidnani,
As you are using Exchange online, the Digital certificate being used for server based authentication must have been issued by Trusted Certificate Authorities like DigiCert, GeoTrust, Symantec, Comodo etc.
Here is an example article from DigiCert CA on renewing existing certificate, depending upon the Certificate Authority, this process would differ a little however, more or less it remains the same just the websites user experience differs .
docs.digicert.com/.../
Since, the number of days left for the certificate expiration is too near, I would suggest you to connect with your security team who manages SSL/TLS digital certificates for your org so that this can be renewed on time.
The process of getting a new certificate issued mainly include these very common steps ::
1. Create a Certificate Signing Request (CSR)
A CSR is a file that you (or your server administrator) need to generate on the server that needs the certificate. You will generate it with a matching private key file that must remain on the server. The CSR contains the matching public key and other information like your organization's name, location, and domain name. If there are any mistakes in that information, you can correct them on the next step.
www.digicert.com/.../sample-csr.php
2. Validate domain name ownership with your certificate authority using TXT/CNAME etc. type DNS records.
www.digicert.com/.../dns-txt-dcv-method.htm
3. Submit the CSR over to your CA website.
4. After some time (Usually takes 30 minutes for me but may take upto 24 hours as well for some CAs), the digital certificate would be issued by your CA.
Please mark my comments as answered if this helped. :-)
Thanks,
Saurabh
