OWA and ECP failure after Install Exchange 2016 CU17

I recently ran into an issue after update Exchange 2016 from CU15 to CU17. The upgrade installation took around an hour, but was eventually completed successfully according to the Installation Wizard at least. When I tried to access ECP, I got the error below even before the login page shows up. At the meantime, Exchange Management Shell is inaccessible due to the error.

In the eventlog, there are lots of 1003 errors relate to MSExchange Front End HTTP Proxy. 

After some research, it appears the issue is caused by corrupted SharedWebConfig.config files in C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy and C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess. But regenerating the files base on this MS document didn’t fix the issue.

I end up had to setup a test Exchange 2016 CU17 in my own lab environment. Once the new Exchange is up, I copied those 2 SharedWebConfig.config files to the production Exchange server and then did a IISRESET. To my dismay, ECP this time came up with the login page, but after authentication it returned back with a blank page.

Upon checking eventlog, I notice there are bunch of HttpEvent errors. These errors seem to indicate issue is to do with the certificate used for ECP and OWA.

It turns out the ECP backend was somehow binded to a deleted certificate. So the fix is just to set the backend binding to a valid SSL certificate and restart IIS!

I am still not sure how those SharedWebConfig files are corrupted, as the CU installation process completed successfully. But if you need, here is the link for the good CU17 config files. Save you the hassle to build another Exchange server (It took me hours).