GMail Client Trust anchor problem


#1

Hello everyone,

I have a problem with the Gmail client on all my Android devices. Every time I connect with the client to my mail server I get the following error:

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found

Can anyone check if he has the same problem with his Let’s Encrypt certificate and the Gmail client?

Other mail clients, even on Android, are working fine; Google Chrome on Android also has no problem.

Thanks


#2

Java doesn’t trust Let’s Encrypt root:


#3

@selecadm is generally correct, however I believe that Android ships its own root store, which should include the DST root certificate used for cross-signing by Let’s Encrypt.

My guess is that you are not sending the intermediate certificate along with your own certificate. This would result in clients not being able to build the trust chain to the trusted root certificate (unless it’s been cached from a previous request to a service that included the correct intermediate certificate).

How this is done depends on your mail server software. If you’re not using fullchain.pem or chain.pem anywhere in your configuration, you’re definitely looking at this problem. There have been a couple of threads for various mail servers here, maybe one of them has the information you need.
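
The failure mode described in post #3, reproduced offline as an added example (not code from the thread): a throwaway root, intermediate and leaf are generated with `openssl`, then the leaf is verified the way a client does it, once served alone and once with the intermediate. The "Demo" names, `mail.example.test`, `cert.pem` and the helper functions are assumptions; `chain.pem` and `fullchain.pem` follow the file names mentioned above.

```shell
#!/usr/bin/env bash
# Added example: every key and certificate below is a constructed throwaway.

# Build root.pem (trusted by the client), chain.pem (intermediate),
# cert.pem (leaf only) and fullchain.pem (leaf + intermediate) in dir $1.
make_demo_pki() {
  local d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
    > "$d/demo.cnf"
  openssl req -config "$d/demo.cnf" -x509 -extensions ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Demo Root" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  openssl req -config "$d/demo.cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/demo.cnf" -extensions ca \
    -out "$d/chain.pem" 2>/dev/null &&
  openssl req -config "$d/demo.cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=mail.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/cert.pem" 2>/dev/null &&
  cat "$d/cert.pem" "$d/chain.pem" > "$d/fullchain.pem"
}

# Number of certificates in a PEM file: 1 means the server would send the leaf only.
cert_count() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Verify like a client that trusts only the root ($1). The first certificate in
# the served file ($2) is the leaf; any further ones are untrusted helpers that
# the client may use to build the path up to the root.
client_verify() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_demo_pki "$work"
for f in cert.pem fullchain.pem; do
  if client_verify "$work/root.pem" "$work/$f"; then
    result="chain builds to the trusted root"
  else
    result="no path to a trust anchor"
  fi
  echo "$f: $(cert_count "$work/$f") certificate(s), $result"
done
rm -rf "$work"
```

Against a live mail server, the same question is answered by counting the certificates printed by `openssl s_client -showcerts` with `-starttls smtp` or `-starttls imap`.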