One domain. Cert has expired for email, but not for https?!


My email was working, but now Thunderbird says the domain certificate expired yesterday. Other email clients agree (K9, Nextcloud Mail).

  • When I visit the domain in Firefox it says the certificate is fine.

  • Yunohost domain cert status says the cert for my domain and my Yunohost root domain are both “Great!” with a validity of 85 and 57 respectively.

  • sudo yunohost domain cert renew says No certificate needs to be renewed.

  • I tried forcing the cert tool to update the domain. The domain shows as updated in Firefox but not my email clients.

I’m using Yunohost 11.1 switched over from Yunohost unstable.

So I’m confused. With Firefox and Thunderbird showing different certificates for the same domain, how how do I update the certificate used for email, when the cert tool believes all the certificates are up to date?



Mon courriel fonctionnait, mais maintenant Thunderbird dit que le certificat de domaine a expiré hier. D’autres clients de messagerie sont d’accord (K9, Nextcloud Mail).

  • Lorsque je visite le domaine dans Firefox, le certificat est correct.

  • Yunohost domain cert status indique que le certificat pour mon domaine et mon domaine racine Yunohost sont tous les deux “Great !” avec une validitĂ© de 85 et 57 respectivement.

  • sudo yunohost domain cert renew indique qu’aucun certificat n’a besoin d’être renouvelĂ©.

  • J’ai essayĂ© de forcer l’outil cert Ă  mettre Ă  jour le domaine. Le domaine apparaĂ®t comme mis Ă  jour dans Firefox mais pas dans mes clients de messagerie.

J’utilise Yunohost 11.1, qui a été remplacé par Yunohost unstable.

Je suis donc confus. Firefox et Thunderbird affichant des certificats différents pour le même domaine, comment puis-je mettre à jour le certificat utilisé pour la messagerie électronique, alors que l’outil de certification estime que tous les certificats sont à jour ?

Seems related to

Yes, it really does sound like the same issue. The only problem is that running the postfix command and rebooting doesn’t seem to fix it. I also tried updating and restarting, which also didn’t help, but then I think some of the entries in my sources lists are wrong, so that may be interfering with the upgrade.

Hmkay, what about postfix -F hash:/etc/postfix/sni ?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.