When you are running a hybrid setup and the third-party certificate installed on your Exchange server expires or is revoked, things stop working.
You then install a new certificate on the server and assign it to the services in the Exchange Control Panel, but mail flow is still stalled. That is because you also need to assign the certificate to the send and receive connectors, and that has to be done through PowerShell.
First get your certificate thumbprint:
Get-ExchangeCertificate
Copy and paste the thumbprint into the following commands:
--> Update the TLSCertificateName attribute on the Office 365 send connector.
$Cert = Get-ExchangeCertificate -Thumbprint <New Exchange Certificate>
$TLSCert = ('<I>'+$cert.issuer+'<S>'+$cert.subject)
Set-SendConnector -Identity <Office 365 send Connector> -TLSCertificateName $TLSCert
--> Update the TLSCertificateName attribute on the Exchange on-premises (hybrid) receive connector that receives email from Office 365.
$Cert = Get-ExchangeCertificate -Thumbprint <New Exchange Certificate>
$TLSCert = ('<I>'+$cert.issuer+'<S>'+$cert.subject)
Set-ReceiveConnector -Identity <Office 365 to On-Prem> -TLSCertificateName $TLSCert
If the Hybrid Configuration Wizard (HCW) has been run, it normally labels the send connector like this: Outbound to Office 365
So it could look like this:
$Cert = Get-ExchangeCertificate -Thumbprint 1EB1172F9902FF8BF55497552DE038F4BB9BB500
$TLSCert = ('<I>'+$cert.issuer+'<S>'+$cert.subject)
Set-SendConnector -Identity "Outbound to Office 365" -TLSCertificateName $TLSCert
After this, all should be good to go.
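To confirm the change took effect, the following check (an added example, not part of the original post) verifies that the new certificate is within its validity period, is enabled for SMTP, and that both connectors now carry the matching TLSCertificateName. The thumbprint and receive connector name are placeholders, and it assumes the connector's TlsCertificateName converts to the same `<I>issuer<S>subject` string used above.

```powershell
# Added example: run in the Exchange Management Shell after the Set-* commands.
# Placeholder values: replace with your own thumbprint and connector names.
$Thumbprint       = '<New Exchange Certificate>'
$SendConnector    = 'Outbound to Office 365'     # name the HCW normally assigns
$ReceiveConnector = '<Office 365 to On-Prem>'

$Cert = Get-ExchangeCertificate -Thumbprint $Thumbprint -ErrorAction Stop

# The certificate must be inside its validity window, otherwise TLS
# negotiation with Office 365 fails again.
$now = Get-Date
if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
    throw "Certificate $Thumbprint is not valid now ($($Cert.NotBefore) to $($Cert.NotAfter))."
}

# The certificate must also be assigned to the SMTP service.
if ("$($Cert.Services)" -notmatch 'SMTP') {
    throw "Certificate $Thumbprint is not enabled for the SMTP service."
}

# Same <I>issuer<S>subject string that was written to the connectors.
$Expected = '<I>' + $Cert.Issuer + '<S>' + $Cert.Subject

# Read back what each connector currently holds.
# Assumption: casting TlsCertificateName to [string] yields the <I>...<S>... form.
$send    = [string](Get-SendConnector    -Identity $SendConnector).TlsCertificateName
$receive = [string](Get-ReceiveConnector -Identity $ReceiveConnector).TlsCertificateName

$report = @(
    [pscustomobject]@{ Connector = $SendConnector;    Current = $send;    Match = ($send    -eq $Expected) }
    [pscustomobject]@{ Connector = $ReceiveConnector; Current = $receive; Match = ($receive -eq $Expected) }
)
$report | Format-List

# Fail loudly if either connector still points at the old certificate.
$stale = $report | Where-Object { -not $_.Match }
if ($stale) {
    throw "Connector(s) not updated: $(($stale.Connector) -join ', '). Expected: $Expected"
}
"Both connectors reference certificate $Thumbprint (expires $($Cert.NotAfter))."
```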