Sök i support

Akta dig för supportbedrägerier: Vi kommer aldrig att be dig att ringa eller skicka ett sms till ett telefonnummer eller dela personlig information. Rapportera misstänkt aktivitet med alternativet "Rapportera missbruk".

Läs mer

thunderbird asks me to confirm ssl-certificate exception, even though the domain its showing me shouldnt be used

  • 3 svar
  • 1 har detta problem
  • 6 visningar
  • Senaste svar av david

more options

Hello, I setup my own mailserver. It has a valid lets encrypt wildcard-certificate for *.tld.com. The mailserver usees imap.tld.com for imap and smtp.tld.com for smtp. So the certificate should be ok. When i add an account to thunderbird i get the ssl-certificate exception for tld.com. But the tld.com should not be used, only imap / smtp. Why is thunderbird trying to validate a certificate for tld.com?

Hello, I setup my own mailserver. It has a valid lets encrypt wildcard-certificate for *.tld.com. The mailserver usees imap.tld.com for imap and smtp.tld.com for smtp. So the certificate should be ok. When i add an account to thunderbird i get the ssl-certificate exception for tld.com. But the tld.com should not be used, only imap / smtp. Why is thunderbird trying to validate a certificate for tld.com?

Alla svar (3)

more options

Possibly because tld.com is the domain name, whereas imap.tld.com is only a subdomain.

more options

david said

Possibly because tld.com is the domain name, whereas imap.tld.com is only a subdomain.

But what is the purpose to validate tld.com? What exactly is thunderbird trying to find there? It only needs to connect to imap.tld.com / smtp.tld.com, no?

If i kill the process while its asking for an exception and start thunderbird again, it doesnt ask me to make a security exception anymore and i can send/receive emails normally.

Is it maybe trying to connect there to find caldav or something while initializing the account?

more options

TB isn't trying to 'find' anything; it's just standard protocol in internet connectivity to put domain name authentication over subdomain authentication because domain name servers track domains, not subdomains.