Note Current Cost of SSL SAN Certificate February 2016 
Digicert 3 year SAN (four domains) $700
Comodo 3 year SAN certificate (three domains) £705 (plus £105 per additional domain)
Trustsign 3 year UCC Certificate (three domains) £295 plus VAT ($410 plus VAT) plus £90 ($125) per additional domain
Also note that after February 2018 the longest period you can buy is 2 years.

Sealion require four domain SAN for Exchange
mail.sealionshipping.co.uk
autodiscover.sealionshipping.co.uk
mail.sealion.com.br
autodiscover.sealion.com.br

Process
To renew a certificate, a certificate request (CSR) needs to be downloaded from the Exchange server and pasted into the certificate provider’s website once you purchase the certificate. They in return ask you to provide a method of authentication (CVR) either an entry in the public DNS or an email to administrator@ to authenticate you own the domain. Once authenticated the Certificate Authority send you a Root and two Intermediate certificates to install on your Exchange server.
NB: An email CVR method provides the quickest turn-around (4 hours). Support is by email.

Instructions – Exporting the CSR & Requesting the Certificates
On the Exchange server make sure you have a valid UNC path available (such as a local shared folder on the C drive ie. \\server\cert) as you need to save and retrieve your certificates from there.
Using the Exchange Admin Centre navigate to Server, Certificates and select the soon to expire SAN certificate. Click on “Renew” and using the wizard to follow the steps to export the CSR. Once exported successfully you will see the “Renew” change to “Complete”

Open up the CSR file in Notepad (change the extension to txt if required) and copy and paste the text into the CA’s website (or send in their email if requested).

You then await their authentication validation email, click the link and shortly afterwards they forward you four certificates (Root, two Intermediates, and the certificate to enter into Exchange)

Instructions – Importing the Certificates

Run MMC, and Add Snap-in, Certificates. Select Certificates and Add to right hand pane. OK. Use “My user account” Finish. OK. Open the sub folder tree Certificates. Select Trusted Root Certification Authorities and right click, All Tasks, Import. Using the Wizard, Next and locate the Root certificate file (the certificates have an an extension crt which is not listed but can be imported), Next Place in the certificate store, Next, Finish

Repeat for the two Intermediate certificates BUT select the Intermediate Certificate Authorities folder and place in there.

Close the Console

In Server Admin Tools open the IIS and on the top right of the window click Restart.

Now return to the EAC, and Servers, Certificates and select the expiring SAN certificate and click Complete. Using the Wizard locate the UNC location of the final certificate (usually is a numbered certificate) and click OK.

The certificate should successfully install. Open the new certificate (the unexpired old one is still present) and select Services and check IIS, POP, IMAP, SMTP and Save. It may prompt you that a service is assigned to a current certificate and do you want to take over the service. Click Yes.

Now delete the old expiring certificate as your new certificate now has all the services and expires sometime two years from now.

NB: The expiration date of a renewed certificate includes the days left on the old certificate you have replaced.