Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Thunderbird Email - SSL Certificate error with Lets Encrypt

Discussion in 'Security' started by swbrains, Sep 20, 2018.

  1. swbrains

    swbrains Well-Known Member

    Joined:
    Sep 13, 2006
    Messages:
    149
    Likes Received:
    18
    Trophy Points:
    168
    Hi,

    I had an AlphaSSL certificate installed on my domain, which expired today. I decided to enable AutoSSL on that account, and a Lets Encrypt certificate was successfully installed on my domain. But when I launch Thunderbird to get my email, it now issues an error regarding the certificate:
    screencapture_000042.png

    So I logged into my server account and deleted the expired AlphaSSL cert from the domain and ensured that only the active LE cert was remaining, but the problem persists.

    If I click Get Certificate in the above , I get this error, even though the new LE cert is installed and working for web access (HTTPS):
    screencapture_000043.png

    If I remove the :995 port from the Location field above, I can click Get Certificate and it finds the LE cert, but tells me I don't need to make any changes to the email account configuration, so Thunderbird issues the same error above the next time I retrieve email.

    Does anyone have any ideas why using Lets Encrypt with Thunderbird is an issue or has anyone seen this before?

    Thanks!
     
    #1 swbrains, Sep 20, 2018
    Last edited: Sep 20, 2018
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,528
    Likes Received:
    2,180
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @swbrains,

    Can you verify what you are entering for the mail server host name? For instance, are you using "domain.tld", "mail.domain.tld", or your server's hostname? Can you also check that the "mail" subdomain is not excluded from AutoSSL in cPanel >> SSL TLS Status?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. swbrains

    swbrains Well-Known Member

    Joined:
    Sep 13, 2006
    Messages:
    149
    Likes Received:
    18
    Trophy Points:
    168
    I ended up generating an AlphaSSL certificate for my primary domain and installing that on the primary domain account, but the error still happened. What was strange is that I noticed the cert that TB was showing in its error window was a wildcard cert that also had the root domain listed on it. I had generated the new wildcard cert via AlphaSSL a while ago (August). My server admins later determined that the Service SSL Cert needed to be replaced by the newest AlphaSSL wildcard certificate generated in August.

    I couldn't find the expired wildcard cert in Manage SSL Hosts or in SSL Storage Manager, but I *could* still see it on the server in the list when I was viewing the page where you install an SSL certificate and clicked the Browse Certificates button to view existing certs on the server. When I selected to Browse Apache certificates, I found what I believe to be the expired certificate that is being retrieved by Thunderbird and MS Mail. I didn't know where it was being referenced from on the server to be in that list, but apparently it was in the Services SSL area. Once the current cert (from August) was installed there, TB works properly when accessing my primary domain account.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,528
    Likes Received:
    2,180
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @swbrains,

    Thank you for sharing the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice