Thunderbird keeps asking certificate exception and doesn't fetch mails

Hey hello,
Today I was trying to fix some issues I had with my YNH, which is in a VM behind a Caddy firewall on the main machine.
I don’t need YNH to handle certificates for https since Caddy is doing it, but I need it for the IMAP and SMTP config. The certificate wasn’t accessible so far, so I was getting a warning to accept an invalid certificate when adding an account in Thunderbird. Also, Thunderbird couldn’t fetch the autoconfig because the Caddy firewall wasn’t redirecting it properly.
I wanted to make the whole thing more user friendly and to solve these certificate+autoconfig issues, so I set up forwarding in Caddy for the URLs of the certificate and the autoconfig, which I think should be:

  • for the certificate: /.well-known/acme-challenge/
  • and for the mail autoconfig: /.well-known/autoconfig/mail/.

Since then, Thunderbird asks me to add a security exception every time I touch anything, and if I accept the exception it doesn’t even fetch new mails. It says the certificate I’m using is for another domain, and if I examine the certificate, it points to yunohost.mydomain.tld (which is my main domain, where the YunoHost SSO is), but my email address is in @mydomain.tld. So I don’t really know how to solve this issue.

Basically emails cannot be checked with Thunderbird now, so I wanted to go back and remove the Caddy config I had added, but doing that doesn’t even allow me to roll back to the previous state.
What I don’t understand is that K9 Mail can still fetch mail and doesn’t display errors.

I guess you have several domains on your YunoHost instance and try to fetch email from a “secondary” (!= main) domain?

If that’s the case then I think the issue you encounter is: https://github.com/YunoHost/issues/issues/1301

(well, in addition to the whole Caddy / reverse proxy thing, which doesn’t help I guess :confused: )

Yes, that’s exactly my situation.

I had seen the issue you mentioned, but somehow, something I don’t understand is why it worked so far and just today, after the changes I tried, it doesn’t work anymore.

Edit: Because the situation now is that basically mails can’t be fetched from any email client (tested with K9 Mail a few hours later: it now fails like Thunderbird).

Since I have only one domain that I use for emails, I just changed the Dovecot and Postfix config to point to that email domain’s certificate instead of the main domain’s.

To do that, change in /etc/dovecot/dovecot.conf

ssl_cert = </etc/yunohost/certs/maindomain.tld/crt.pem
ssl_key = </etc/yunohost/certs/maindomain.tld/key.pem

to

ssl_cert = </etc/yunohost/certs/emaildomain.tld/crt.pem
ssl_key = </etc/yunohost/certs/emaildomain.tld/key.pem

and in /etc/postfix/main.cf

smtpd_tls_cert_file = /etc/yunohost/certs/maindomain.tld/crt.pem
smtpd_tls_key_file = /etc/yunohost/certs/maindomain.tld/key.pem

to

smtpd_tls_cert_file = /etc/yunohost/certs/emaildomain.tld/crt.pem
smtpd_tls_key_file = /etc/yunohost/certs/emaildomain.tld/key.pem

and run:

sudo service dovecot restart
sudo service postfix restart
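The fix above swaps which certificate Dovecot and Postfix present, so the useful check afterwards is to look at what the IMAP and SMTP ports actually serve and whether its names cover the host the mail client connects to. The script below is an added example written for this thread, not code from the poster or from YunoHost; the host and domain names in it are placeholders. It verifies the certificate chain against the system CA store but deliberately skips hostname checking, so a chain-valid certificate issued for the wrong name (the "certificate is for another domain" symptom) is returned for inspection rather than rejected before you can see its names. The name matching is the same exact-or-single-wildcard rule mail clients apply.

```python
import imaplib
import smtplib
import socket
import ssl
from typing import Dict, List, Optional

# Placeholder values: the host the mail client is configured to connect to.
# With the symptom described above, the client connects to the mail domain
# but the server presents the main domain's certificate.
CONNECT_HOST = "mydomain.tld"   # hypothetical; replace with your own


def cert_names(peercert: Dict) -> List[str]:
    """DNS names a certificate is valid for, taken from the dict shape that
    SSLSocket.getpeercert() returns: subjectAltName DNS entries first, then
    the subject commonName if it is not already listed."""
    names = [v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and value not in names:
                names.append(value)
    return names


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname the way TLS clients do:
    case-insensitive, exact, or a single leading wildcard label ("*.x.tld"
    covers "mail.x.tld" but neither "x.tld" nor "a.b.x.tld")."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        suffix = pattern[1:]                                   # ".x.tld"
        head = hostname[: -len(suffix)] if hostname.endswith(suffix) else ""
        return bool(head) and "." not in head
    return False


def cert_covers(peercert: Dict, hostname: str) -> bool:
    """True when any name in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_names(peercert))


def _context() -> ssl.SSLContext:
    # Chain verification stays on (CERT_REQUIRED from create_default_context),
    # only the hostname check is disabled so a mismatched name is still returned.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def fetch_mail_cert(host: str, port: int, starttls: Optional[str] = None,
                    timeout: float = 10.0) -> Dict:
    """Connect to host:port and return the certificate the server presents.
    starttls is None for implicit TLS (993/465), "imap" for port 143 or
    "smtp" for port 587 (STARTTLS upgrade after the plaintext greeting)."""
    ctx = _context()
    if starttls == "imap":
        conn = imaplib.IMAP4(host, port, timeout=timeout)
        conn.starttls(ssl_context=ctx)
        cert = conn.socket().getpeercert()
        conn.logout()
    elif starttls == "smtp":
        conn = smtplib.SMTP(host, port, timeout=timeout)
        conn.ehlo()
        conn.starttls(context=ctx)
        cert = conn.sock.getpeercert()
        conn.quit()
    else:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    return cert


def diagnose(host: str, port: int, starttls: Optional[str], expected: str) -> str:
    """One-line verdict: which names the served certificate carries and
    whether they cover the name the client expects."""
    try:
        cert = fetch_mail_cert(host, port, starttls)
    except ssl.SSLCertVerificationError as exc:
        return f"{host}:{port}: chain not trusted ({exc.verify_message})"
    except OSError as exc:
        return f"{host}:{port}: connection failed ({exc})"
    verdict = "yes" if cert_covers(cert, expected) else "NO"
    return f"{host}:{port}: cert names {cert_names(cert)}; covers {expected}: {verdict}"


if __name__ == "__main__":
    # Check the three ports a typical IMAP/SMTP client configuration uses.
    for port, mode in ((993, None), (143, "imap"), (587, "smtp")):
        print(diagnose(CONNECT_HOST, port, mode, CONNECT_HOST))
```

Run it once before and once after restarting Dovecot and Postfix: before the change the names should list only the main domain and report "covers ...: NO" for the mail domain; after it they should cover the host the client connects to. A "chain not trusted" line means the swapped-in certificate is self-signed or its chain is incomplete, which is a different problem from a name mismatch.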