We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

thunderbird asks me to confirm ssl-certificate exception, even though the domain its showing me shouldnt be used

  • 3 பதிலளிப்புகள்
  • 1 இந்த பிரச்சனை உள்ளது
  • 6 views
  • Last reply by david

Hello, I setup my own mailserver. It has a valid lets encrypt wildcard-certificate for *.tld.com. The mailserver usees imap.tld.com for imap and smtp.tld.com for smtp. So the certificate should be ok. When i add an account to thunderbird i get the ssl-certificate exception for tld.com. But the tld.com should not be used, only imap / smtp. Why is thunderbird trying to validate a certificate for tld.com?

Hello, I setup my own mailserver. It has a valid lets encrypt wildcard-certificate for *.tld.com. The mailserver usees imap.tld.com for imap and smtp.tld.com for smtp. So the certificate should be ok. When i add an account to thunderbird i get the ssl-certificate exception for tld.com. But the tld.com should not be used, only imap / smtp. Why is thunderbird trying to validate a certificate for tld.com?

All Replies (3)

Possibly because tld.com is the domain name, whereas imap.tld.com is only a subdomain.

david said

Possibly because tld.com is the domain name, whereas imap.tld.com is only a subdomain.

But what is the purpose to validate tld.com? What exactly is thunderbird trying to find there? It only needs to connect to imap.tld.com / smtp.tld.com, no?

If i kill the process while its asking for an exception and start thunderbird again, it doesnt ask me to make a security exception anymore and i can send/receive emails normally.

Is it maybe trying to connect there to find caldav or something while initializing the account?

TB isn't trying to 'find' anything; it's just standard protocol in internet connectivity to put domain name authentication over subdomain authentication because domain name servers track domains, not subdomains.