Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

thunderbird asks me to confirm ssl-certificate exception, even though the domain its showing me shouldnt be used

  • 3
  • 1 nwere nsogbu anwere nsogbu a
  • 6 views
  • Nzaghachi ikpeazụ nke david

more options

Hello, I setup my own mailserver. It has a valid lets encrypt wildcard-certificate for *.tld.com. The mailserver usees imap.tld.com for imap and smtp.tld.com for smtp. So the certificate should be ok. When i add an account to thunderbird i get the ssl-certificate exception for tld.com. But the tld.com should not be used, only imap / smtp. Why is thunderbird trying to validate a certificate for tld.com?

Hello, I setup my own mailserver. It has a valid lets encrypt wildcard-certificate for *.tld.com. The mailserver usees imap.tld.com for imap and smtp.tld.com for smtp. So the certificate should be ok. When i add an account to thunderbird i get the ssl-certificate exception for tld.com. But the tld.com should not be used, only imap / smtp. Why is thunderbird trying to validate a certificate for tld.com?

All Replies (3)

more options

Possibly because tld.com is the domain name, whereas imap.tld.com is only a subdomain.

more options

david said

Possibly because tld.com is the domain name, whereas imap.tld.com is only a subdomain.

But what is the purpose to validate tld.com? What exactly is thunderbird trying to find there? It only needs to connect to imap.tld.com / smtp.tld.com, no?

If i kill the process while its asking for an exception and start thunderbird again, it doesnt ask me to make a security exception anymore and i can send/receive emails normally.

Is it maybe trying to connect there to find caldav or something while initializing the account?

more options

TB isn't trying to 'find' anything; it's just standard protocol in internet connectivity to put domain name authentication over subdomain authentication because domain name servers track domains, not subdomains.