Certificate errors in Thunderbird despite valid cert

Hi All

I am completly new to linux and I have been banging away at this problem for 12 hours and admit defeat. Its begining to feel impossible to resolve!

I have iredmail (postfix / dovecot / roundcube webmail) installed and everything seems to work.
Web mail works for inbound and outbound.
port 25 143 443 and 587 are forwarded through my firewall to the mail server
The server host name is mail.safemail.nz
I have a letsencrypt cert installed and it works in Nginx (no errors on webmail page) and correct cert visible
The cert is issued to mail.safemail.nz
I have tried adding the cert to Postfix and Dovecot by using the symlink method described here: Request a free cert from Let's Encrypt
I have also tried adding the following to the dovecot.conf file:

ssl_cert = </etc/letsencrypt/live/mail.safemail.nz/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.safemail.nz/privkey.pem

and the following to the postfix main.cf

smtpd_tls_key_file = /etc/letsencrypt/live/mail.safemail.nz/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.safemail.nz/cert.pem
smtpd_tls_CAfile = /etc/letsencrypt/live/mail.safemail.nz/chain.pem

However when I try to set up a Thunderbird email client (user=myname@safemail.nz) I get an error (see attached) about adding a security exception for location "safemail.nz" Even though the cert is correctly issued to mail.safemail.nz. The attached shows a screen shot of the error with the certificate in question in the background.

The second attachment shows the setting I am using on the client.

Any suggestions as to how to resolve this would be appreciated as I am stumped.!

I'm not seeing any issue with your mailserver on mail.safemail.nz through SMTP on port 25, IMAP on port 143 nor HTTPS on port 443?

Could you perhaps share a screenshot of the exact error message?

here you go - you'll see the error has safemail.nz as the location white the cert has MAIL.safemail.nz

That's very weird, as you've clearly entered the correct hostnames in the hostname fields.. Perhaps the "Advanced" button in Thunderbird at those settings has some interesting info?

Or maybe an older account with incorrect settings?

The account is brand new - I only installed the system yesterday. the advanced options do not provide anything useful. I am totally baffled by this. I need users to be able to use Thunderbird as many of them do not have Outlook and do not like webmail.

I understand your predicament. I'm just as baffled as you are to be honest: this should work nicely.

Maybe a bug in Thunderbird?

I'm not getting your error in Thunderbird 78.13.0:

I do get of course an error about an incorrect password:

But no certificate errors?

You might have some AV software or firewall installed doing IMAP/SMTP TLS inspection, thus causing the warning.

The "View" button on the warning should show you the exact certificate you're getting, which should have an indication about what's going on.

I only get the error after I have created the account. Try and create one with address foo@safemail.nz and password FooBar123!

I've just send and received a test e-mail send from and to foo@safemail.nz without any (certificate) error.

I've also already deleted (also from the bin) said e-mail, as my IP address was visible in the headers. :slight_smile: However, you should be able to see all the relevant TLS connections in your logs.

Hmmmm. So wierd. Thanks for your help. I'll try an older version of Thunderbird and a different PC, I set up an account on windows mail and did not get an error on that so it seems Thunderbird specific.

1 Like

Thanks again. I think you are right and its a bug in TB. I just installed v91.03 on a different PC and got the same error. Uninstalled it and installed 78.13 and it worked with no error.

Well that's 14 hours of my life I'll never get back!

Curious, I'm not seeing any issues mentioned on Google about this. Perhaps you should file an issue at Mozilla about this.

I couldn’t find anything about it on Google either. It gets even weirder though – I have found that if you cancel that error it will pop up again. Cancel it several times and the problem seems to go away – after that Thunderbird seems to work ok.

I’ll see how to report a bug and see what happens. :blush:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.