If you have just replaced your front end SSL cert and now you can't log into ECP or OWA, this is due to the way the private key is stored. Exchange 2013 only supports hashing SHA-1 not SHA-2 on the key.

The easiest way to solve this issue is to replace the cert you just requested but do this through the exchange powershell:

New-ExchangeCertificate –Server Servername –GenerateRequest –FriendlyName  –PrivateKeyExportable $true –SubjectName “c=CB, cn=mail.domain.com” –DomainName  mail.domain.com,autodiscover.domain.com –RequestFile “filelocation”