Email Issue: Thunderbird - Peer’s Certificate has expired

Recently had a Let’s Encrypt SSL Certificate auto update and Thunderbird is now giving the following message when trying to send an email:

Sending of the message failed.
Peer’s Certificate has expired.
The configuration related to mail.[mywebsite].com must be corrected.

I’ve spent some time googling around and haven’t come up with much. At the Thunderbird support forum they’re saying this is a server issue (not related to Thunderbird) and something about it receiving a cached version of the certificate over TLS? Is that possible? Seems unlikely.

Cyberpanel is reporting the certs are fine and https is working fine on the website side of things. The certificates themselves seem bundled together in a file at: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt (and tls-ca-bundle.pem) - opening the files, I can’t tell one from another but I have no reason to believe there’s anything wrong with them in any case.

Sending email works fine in rainloop.

Typically, I like to figure these things out myself but I must admit I’m completely baffled. Has anyone else experienced this issue? I’d greatly appreciate any help. Thanks!

can you show me the //email/testTo: results
also check mail domain SSL and let me know,

Thanks for the link to checktls. That’s a valuable resource I was unaware of. Gives me some more info about the problem:

Why are there 4 security certificates involved here? At any rate, the first one: Serial Num: 04:86:7A:F5:25:AC:FC:57:B2:C9:6A:C1:B1:9F:AB:4E:C2:41 is the one Thunderbird keeps getting and that’s the one that’s expired apparently.

Again, didn’t realize there were 4 certificates. Don’t you just need one?

Where would I find this expired cert on the server? How do I get rid of it or replace it?

Edit:
I’m now assuming these are the end-user certificates that are expired? I tested this and it’s true for every domain on the server except for the primary domain. Reissuing doesn’t seem to help. Where are the end-user certs stored on the server? I’m not seeing them in the intermediate chain. Been at this for over a week now and always end up at a dead end.

I figured it out. Finally. Hope this helps somebody else with the same issue.

Had to run postmap on the vmail_ssl.map file:

postmap -F hash:/etc/postfix/vmail_ssl.map

Seems to be working fine now.

If you want to know more about postmap: postmap - Unix, Linux Command