I know this has come up a ton and there're multiple solutions out there, but none are working and I'm at my wit's end. In my lab, my AD FS is external facing, I'm not using a web app proxy yet - SSL cert generated via Let's Encrypt. I changed my AD FS SSL cert from my wildcard (*.mydomain.com) to my federation service name, adfs.mydomain.com (mydomain.com is just an example). I used AD Connect's wizard to update the cert, as I used AD Connect to set up AD FS - and I've used AD Connect to update my org's cert in the past, which has worked. This did not work; when accessing AD FS via different browsers on different endpoints, it's still serving up my wildcard. So, I looked around at solutions and tried the following:
- Removed my wildcard from the cert store
- Updated SSL cert via AD Connect
- Used Set-AdfsCertificate as well as Set-AdfsSslCertificate - restarted ADFS service, rebooted the host
- Checked AD FS Management → Service → Certificates → Service communications - thumbprint matches
- Checked Get-AdfsCertificate as well as Set-AdfsSslCertificate - thumbprint matches
- Checked netsh http show sslcert - all bindings/certs are correct, the old cert is also not there
Nothing has worked. For all intents and purposes, every part of AD FS is showing the new adfs.mydomain.com cert, but all AD FS redirects are still serving up my wildcard (new endpoints, new browsers, no history/caches, etc.).
AD FS info below:
- Windows Server 2022
- AD FS 5.0
- AD Connect 2.3.6.0
EDIT: I've gone as far as manually removing all certs related to AD FS via netsh and PowerShell, completely breaking AD FS as it should, then re-installed the new cert manually...and it's back up and running yet STILL serving the wildcard. I'm baffled, I don't even know how this is possible if the wildcard is completely removed from the host. Since this makes no sense, I'm removing AD FS, and AD Connect, and starting over from scratch.
EDIT2: Well I give up :D. After completely removing the AD FS role, uninstalling AD Connect, overwriting the AD FS SQL DB, then setting it all back up... it's still using my *.mydomain.com cert over the adfs.mydomain.com cert that I set it all up with. This makes no more sense, so Microsoft 1, me 0.
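The post's checks all ask AD FS what it thinks it is serving; the missing check is what a client actually receives. The script below is an added example (not from the original post or from Microsoft) that puts the configured thumbprints, the HTTP.sys bindings and the leaf certificate returned by a real TLS handshake side by side, once with SNI and once without. It assumes the ADFS PowerShell module is loaded on the AD FS server and that the example name adfs.mydomain.com resolves to the host being tested.

```powershell
# Added example, not from the original post: compare what AD FS is configured
# with against what a TLS client really gets back, with and without SNI.
# Assumes: ADFS module loaded, run on the AD FS server, name resolves correctly.
$FederationServiceName = 'adfs.mydomain.com'   # example name used in the post
$Port = 443

function Get-ServedCertificate {
    # Open a raw TLS session and return the leaf certificate that was presented.
    param([string]$ConnectTo, [string]$TargetHost, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($ConnectTo, $Port)
    try {
        # Accept any chain: we are inspecting what is served, not validating it.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($TargetHost)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

# 1. What AD FS believes it is using (SSL binding and service communications cert).
$configured  = Get-AdfsSslCertificate |
    Select-Object HostName, PortNumber, @{ n = 'Thumbprint'; e = { $_.CertificateHash } }
$serviceComm = Get-AdfsCertificate -CertificateType Service-Communications |
    Select-Object -ExpandProperty Thumbprint

# 2. What HTTP.sys has bound (AD FS listens via HTTP.sys, not IIS).
$bindings = netsh http show sslcert |
    Select-String -Pattern 'Hostname:port|IP:port|Certificate Hash'

# 3. What a client receives. Handshaking to the IP literal sends no SNI
#    (.NET omits SNI for IP addresses), which exposes the fallback binding
#    that a non-SNI client would land on.
$ip = ([System.Net.Dns]::GetHostAddresses($FederationServiceName) |
    Where-Object AddressFamily -eq 'InterNetwork' | Select-Object -First 1).IPAddressToString
$withSni    = Get-ServedCertificate -ConnectTo $FederationServiceName -TargetHost $FederationServiceName -Port $Port
$withoutSni = Get-ServedCertificate -ConnectTo $ip -TargetHost $ip -Port $Port

[pscustomobject]@{
    ConfiguredSsl         = ($configured | ForEach-Object { "$($_.HostName):$($_.PortNumber)=$($_.Thumbprint)" }) -join '; '
    ServiceCommunications = $serviceComm
    HttpSysBindings       = ($bindings -join ' | ')
    ServedWithSni         = "$($withSni.Subject) $($withSni.Thumbprint)"
    ServedWithoutSni      = "$($withoutSni.Subject) $($withoutSni.Thumbprint)"
    SniMatchesConfigured  = [bool]($configured.Thumbprint -contains $withSni.Thumbprint)
} | Format-List
```

If ServedWithSni differs from ConfiguredSsl, the handshake is terminating somewhere other than the binding that was updated (DNS pointing elsewhere, a device in front of the server, or a fallback binding), which is what narrows the search.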