Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Hierdie gesprek is in die argief. Vra asseblief 'n nuwe vraag as jy hulp nodig het.

thunderbird asks me to confirm ssl-certificate exception, even though the domain its showing me shouldnt be used

  • 3 antwoorde
  • 1 het hierdie probleem
  • 6 views
  • Laaste antwoord deur david

more options

Hello, I setup my own mailserver. It has a valid lets encrypt wildcard-certificate for *.tld.com. The mailserver usees imap.tld.com for imap and smtp.tld.com for smtp. So the certificate should be ok. When i add an account to thunderbird i get the ssl-certificate exception for tld.com. But the tld.com should not be used, only imap / smtp. Why is thunderbird trying to validate a certificate for tld.com?

Hello, I setup my own mailserver. It has a valid lets encrypt wildcard-certificate for *.tld.com. The mailserver usees imap.tld.com for imap and smtp.tld.com for smtp. So the certificate should be ok. When i add an account to thunderbird i get the ssl-certificate exception for tld.com. But the tld.com should not be used, only imap / smtp. Why is thunderbird trying to validate a certificate for tld.com?

All Replies (3)

more options

Possibly because tld.com is the domain name, whereas imap.tld.com is only a subdomain.

more options

david said

Possibly because tld.com is the domain name, whereas imap.tld.com is only a subdomain.

But what is the purpose to validate tld.com? What exactly is thunderbird trying to find there? It only needs to connect to imap.tld.com / smtp.tld.com, no?

If i kill the process while its asking for an exception and start thunderbird again, it doesnt ask me to make a security exception anymore and i can send/receive emails normally.

Is it maybe trying to connect there to find caldav or something while initializing the account?

more options

TB isn't trying to 'find' anything; it's just standard protocol in internet connectivity to put domain name authentication over subdomain authentication because domain name servers track domains, not subdomains.