Email Issue: Thunderbird - Peer’s Certificate has expired

Recently had a Let’s Encrypt SSL Certificate auto update and Thunderbird is now giving the following message when trying to send an email:

Sending of the message failed.
Peer’s Certificate has expired.
The configuration related to mail.[mywebsite].com must be corrected.

I’ve spent some time googling around and haven’t come up with much. At the Thunderbird support forum they’re saying this is a server issue (not related to Thunderbird) and something about it receiving a cached version of the certificate over TLS? Is that possible? Seems unlikely.

Cyberpanel is reporting the certs are fine and https is working fine on the website side of things. The certificates themselves seem bundled together in a file at: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt (and tls-ca-bundle.pem) - opening the files, I can’t tell one from another but I have no reason to believe there’s anything wrong with them in any case.

Sending email works fine in rainloop.

Typically, I like to figure these things out myself but I must admit I’m completely baffled. Has anyone else experienced this issue? I’d greatly appreciate any help. Thanks!

Can you show me the //email/testTo: results?
Also check mail domain SSL and let me know.

Thanks for the link to checktls. That’s a valuable resource I was unaware of. Gives me some more info about the problem:

Why are there 4 security certificates involved here? At any rate, the first one: Serial Num: 04:86:7A:F5:25:AC:FC:57:B2:C9:6A:C1:B1:9F:AB:4E:C2:41 is the one Thunderbird keeps getting and that’s the one that’s expired apparently.

Again, didn’t realize there were 4 certificates. Don’t you just need one?

Where would I find this expired cert on the server? How do I get rid of it or replace it?

Edit:
I’m now assuming these are the end-user certificates that are expired? I tested this and it’s true for every domain on the server except for the primary domain. Reissuing doesn’t seem to help. Where are the end-user certs stored on the server? I’m not seeing them in the intermediate chain. Been at this for over a week now and always end up at a dead end.

I figured it out. Finally. Hope this helps somebody else with the same issue.

Had to run postmap on the vmail_ssl.map file:

postmap -F hash:/etc/postfix/vmail_ssl.map

Seems to be working fine now.

If you want to know more about postmap: postmap - Unix, Linux Command
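
Added example, not part of the original thread: `postmap -F` copies the contents of the listed key and certificate files into the compiled table, so a renewed certificate on disk is not served until the table is rebuilt. The sketch below flags map entries whose files are newer than the compiled table and rebuilds only then; the map line layout, the `.db` suffix and the `POSTMAP` override are assumptions, not CyberPanel's own tooling.

```shell
#!/bin/sh
# Assumed map source layout, one entry per line:
#   <sni-name> <key-file> <cert-file> [more files...]
# Assumed compiled table for a hash: map: <map>.db

# Print SNI names whose key/cert files are missing or newer than the
# compiled table. Returns 1 if any entry is stale, 0 otherwise.
stale_sni_entries() {
    map=$1
    db=$map.db
    rc=0
    while read -r name files; do
        case $name in ''|'#'*) continue ;; esac   # skip blanks and comments
        stale=no
        if [ ! -e "$db" ]; then stale=yes; fi
        for f in $files; do
            # -nt follows symlinks, as used under /etc/letsencrypt/live
            if [ ! -e "$f" ] || [ "$f" -nt "$db" ]; then stale=yes; fi
        done
        if [ "$stale" = yes ]; then
            printf '%s\n' "$name"
            rc=1
        fi
    done < "$map"
    return $rc
}

# Rebuild the table only when something is stale. POSTMAP is a
# hypothetical override so this can be exercised without Postfix.
refresh_sni_map() {
    map=$1
    if names=$(stale_sni_entries "$map"); then
        return 0
    fi
    echo "stale SNI entries:" $names >&2
    "${POSTMAP:-postmap}" -F "hash:$map"
}

# Typical call, e.g. from a certificate renewal hook:
#   refresh_sni_map /etc/postfix/vmail_ssl.map
```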
