Outlook Giving Expired Certificate Warnings

Hello,

I installed the Let’s Encrypt certificate on several domains back in November. They expired on Feb 28th. I went through the renewal process weeks ago. And my hosting service, www.interserver.net, verifies that the certificates were renewed. However, since they expired, I’m getting the email warnings you see in the attached screenshots when downloading email. I’m using MS Office/Outlook 2016 Professional (all updates applied). I eventually thought that something in the office installation was not recognizing that the certificates had been renewed. I went as far as to install Outlook on another computer. But I got the same error warnings from a fresh office installation. I don’t recall doing anything special in Outlook when I initially created the certificates. I’ve searched but cannot find a resolution to this issue. Has anyone seen this and know what’s causing the warnings and how to clear it up? Thanks in advance.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: myMobileFaith.com and kandigram.com (note that the website files for myMobileFaith.com are not yet published so you’ll see an access denied message. But I’ve been using the email account for months.)

I ran this command: opened outlook and tried to download email

It produced this output: e1_c|513x376

My web server is (include version): Don’t know. Hosted at interserver.net

The operating system my web server runs on is (include version): Unknown

My hosting provider, if applicable, is: interserver.net

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk (hosted, so I assume it’s the latest version)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): n/a

1 Like

While it is true that the website certificate has been renewed:

$ openssl s_client -connect myMobileFaith.com:443 -showcerts 2>/dev/null | openssl x509 -noout -dates
notBefore=Mar  3 02:20:30 2020 GMT
notAfter=Jun  1 02:20:30 2020 GMT

The certificate doesn’t appear to have been installed to any of the mail services, which still show the certificate that expired on February 28:

$ openssl s_client -connect myMobileFaith.com:995 -showcerts 2>/dev/null | openssl x509 -noout -dates
notBefore=Nov 30 17:10:36 2019 GMT
notAfter=Feb 28 17:10:36 2020 GMT

$ openssl s_client -connect myMobileFaith.com:465 -showcerts 2>/dev/null | openssl x509 -noout -dates
notBefore=Nov 30 17:10:36 2019 GMT
notAfter=Feb 28 17:10:36 2020 GMT

$ openssl s_client -connect myMobileFaith.com:587 -starttls smtp -showcerts 2>/dev/null | openssl x509 -noout -dates
notBefore=Nov 30 17:10:36 2019 GMT
notAfter=Feb 28 17:10:36 2020 GMT

So whoever administrates your MailEnable service needs to login to the server and restart it with the renewed certificate.

2 Likes

Hi @hitmycell

checking your domain - https://check-your-website.server-daten.de/?q=mymobilefaith.com#connections

There is a new certificate:

CN=mymobilefaith.com
	03.03.2020
	01.06.2020
expires in 70 days	*.mymobilefaith.com, mymobilefaith.com - 2 entries

But your port 443 uses that certificate, your mail ports not.

Instead, the expired certificate

CN=mymobilefaith.com
	30.11.2019
	28.02.2020
24 days expired	*.mymobilefaith.com, mymobilefaith.com - 2 entries

is used.

There are

Port 465:

220 PLESK3200.home ESMTP MailEnable Service, Version: 10.27-- ready at 03/22/20 19:58:41

Port 993:

  • OK IMAP4rev1 server ready at 03/22/20 19:58:45

Port 995

+OK Welcome to MailEnable POP3 Server

some mail servers, may be Plesk services. Check your system how to update these services.

May be it’s enough to restart these services.

2 Likes

Hi _az and JuergenAuer.

Thank you very much for your replies. I contacted the hosting service and they have acknowledged that they neglected to renew the certificates on the email servers. Again, thank you. Please have a safe, good and productive week.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.