Thunderbird Email - SSL Certificate error with Lets Encrypt

swbrains

• September 20, 2018 10:45

Hi, I had an AlphaSSL certificate installed on my domain, which expired today. I decided to enable AutoSSL on that account, and a Lets Encrypt certificate was successfully installed on my domain. But when I launch Thunderbird to get my email, it now issues an error regarding the certificate: 54497 So I logged into my server account and deleted the expired AlphaSSL cert from the domain and ensured that only the active LE cert was remaining, but the problem persists. If I click Get Certificate in the above, I get this error, even though the new LE cert is installed and working for web access (HTTPS): 54501 If I remove the :995 port from the Location field above, I can click Get Certificate and it finds the LE cert, but tells me I don't need to make any changes to the email account configuration, so Thunderbird issues the same error above the next time I retrieve email. Does anyone have any ideas why using Lets Encrypt with Thunderbird is an issue or has anyone seen this before? Thanks!

• 

  cPanelMichael

  • September 21, 2018 14:07

  Hello @swbrains, Can you verify what you are entering for the mail server host name? For instance, are you using "domain.tld", "mail.domain.tld", or your server's hostname? Can you also check that the "mail" subdomain is not excluded from AutoSSL in cPanel >> SSL TLS Status? Thank you.

  0
• 

  swbrains

  • September 21, 2018 14:51

  I ended up generating an AlphaSSL certificate for my primary domain and installing that on the primary domain account, but the error still happened. What was strange is that I noticed the cert that TB was showing in its error window was a wildcard cert that also had the root domain listed on it. I had generated the new wildcard cert via AlphaSSL a while ago (August). My server admins later determined that the Service SSL Cert needed to be replaced by the newest AlphaSSL wildcard certificate generated in August. I couldn't find the expired wildcard cert in Manage SSL Hosts or in SSL Storage Manager, but I *could* still see it on the server in the list when I was viewing the page where you install an SSL certificate and clicked the Browse Certificates button to view existing certs on the server. When I selected to Browse Apache certificates, I found what I believe to be the expired certificate that is being retrieved by Thunderbird and MS Mail. I didn't know where it was being referenced from on the server to be in that list, but apparently it was in the Services SSL area. Once the current cert (from August) was installed there, TB works properly when accessing my primary domain account.

  0
• 

  cPanelMichael

  • September 21, 2018 14:53

  Once the current cert (from August) was installed there, TB works properly when accessing my primary domain account.

  
  Hello @swbrains, Thank you for sharing the outcome.

  0

Please sign in to leave a comment.