Let's Encrypt got on my iphone without my permission

There are even a few mail clients supporting SNI: Wiki has been closed

I did not know that and stand corrected :slight_smile:

Anyway, @schoen is correct, @bellidash should follow his advice.

1 Like

There are several employees at our office using the same server. However, none of them are having this issue, and the only person who has Let’s Encrypt is me. So if it’s a server issue with respect to an appropriate certificate – how come I’m the only one having this issue? And how in the hell did Let’s Encrypt get on my phone? I’m the only person that’s ever used my phone.

Hi @bellidash,

As several people have explained, Let’s Encrypt is not “on your phone”. Let’s Encrypt is not software and has not installed anything on your device.

The part of your software interface that you’re looking at is reporting what the Internet services you’re connecting to are sending you. In this case, your e-mail server is sending you an expired Let’s Encrypt certificate because (1) the administrator of your e-mail server chose to use Let’s Encrypt services, and (2) the administrator of your e-mail server did not properly update the Let’s Encrypt certificate when it expired. The same Let’s Encrypt certificate was always in use by the e-mail server, but your phone didn’t complain about it because it wasn’t expired until Saturday.

I don’t know why other people in your office aren’t having the same problem, but it’s likely that they don’t access the server in exactly the same way that you do. For example:

  • they might be using different phone software that doesn’t generate a warning about expired certificates, or they might have somehow turned off the expired certificate notification
  • they might be accessing the same e-mail server under a different name
  • they might be using webmail instead of a separate e-mail client application

However, right now the IMAPS and POP3S services on greenlightcreative.net are serving this certificate to anyone who connects.

[PEM certificate data omitted]

This is a Let’s Encrypt certificate that was valid until Saturday, when it expired. It needs to be replaced with an updated certificate. Let’s Encrypt can’t do this; only the administrator of the service can do it. Let’s Encrypt isn’t responsible for doing this; only the administrator of the service is responsible for doing it.

This certificate isn’t “on your phone” except in that when your phone connects to greenlightcreative.net, your phone asks it to prove that it’s really greenlightcreative.net. The above data is what greenlightcreative.net sends back in reply, and your phone then warns you—quite reasonably—that this data is no longer valid proof of greenlightcreative.net's identity.

3 Likes
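The check a mail client performs on connecting, and the monitoring check a server administrator can run ahead of expiry, as an added example that is not part of the original thread. The names `classify`, `probe` and the 30-day `WARN_DAYS` threshold are assumptions chosen for illustration.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal threshold, not a value from the thread


def classify(not_after, now, warn_days=WARN_DAYS):
    """Classify a certificate from its notAfter string, in the format
    SSLSocket.getpeercert() returns, e.g. 'Jun  1 12:00:00 2030 GMT'."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), timezone.utc)
    days_left = (expires - now).total_seconds() / 86400
    if days_left < 0:
        return "EXPIRED"
    if days_left < warn_days:
        return "RENEW_NOW"
    return "OK"


def probe(host, port=993, timeout=10):
    """Do a verified TLS handshake the way a mail client does and report
    on what the server presented. Port 993 is IMAPS; 995 is POP3S."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname sends SNI and turns on hostname checking
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # An expired certificate is refused here, before any mail
        # protocol traffic, with the message "certificate has expired".
        return "REJECTED: " + exc.verify_message
    return classify(cert["notAfter"], datetime.now(timezone.utc))


if __name__ == "__main__":
    # Usage: python check_mail_cert.py mail.example.org
    for name in sys.argv[1:]:
        print(name, probe(name))
```

Run against the mail server's hostname from a scheduled job, a `RENEW_NOW` result gives the administrator time to replace the certificate before clients start showing warnings.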
