Thunderbird (Latest version) & Certificate: Issue

[Baiyian]

Hello,

I have a nagging issue with Thunderbird. It keeps giving me a hard time with certificates. It just doesn't seems to handle them to well.

I use IMAP, and my hosting is Cpanel stuff. I also use the plugin Remember Mismatched Domains but still, I always get this error message:
[You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:

Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.]

I verified RMD, cleaned it. I got to Thunderbird Certificate Manager verified that everything was OK. I erased the "faulty certificate" and restarted Thunderbird. Erasing the "faulty certificate" is the only thing that make it works but only for a time and it starts behaving badly shortly after.

Does anyone know if it's a (known) bug within Thunderbird?
Does anyone have the same issue as mine and found a reliable solution to it?

I'm eager to hear from you.


Regards,
C.E.

[Rod Whiteley]

Presumably the CA has a bug, and is not incrementing its serial number. The "faulty certificate" that you found is not faulty, but the certificate that Thunderbird rejected has the same serial number. I think the advice in the message is correct—contact the server administrator.

[Baiyian]

First of all, a big thanks for your comment, Rod. Appreciated! My host reinstalled it's CA. At his point, I'm still testing to see if my problem will resurface. In the meantime, I also received this comment from my host: "I am not sure why the problem appears but it seems to be connected to Thunderbird only." So easy to shovel problems in someone else backyard. ; )

I'll keep everyone posted with my issue. If someone has an idea what might be causing the certificate problem that prevents from sending emails and where the weak point is, please feel free to jump in. For the moment, I'm unable to know if the issue is: host related OR Thunderbird related.


Cheers,
C.E.

[Baiyian]

My host reinstalled his CA but to no avail. The certificate issue inside Thunderbird is still there. Erasing the certificate entry works for a time and it comes back afterwards. It works for a day and then, the next day it refuses to work and it gives error messages. The error messages are:

MESSAGE N°1
You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:
Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number.

MESSAGE N°2 (arrives right after N°1)
Sending of message failed.
The message could not be sent because connecting to SMTP server {server name here} failed. The server may be unavailable or is refusing SMTP connections. Please verify that your SMTP server setting is correct and try again, or else contact your network administrator.

I'm going in circles. I do use Remember Mismatched Domain plugin.
Does anyone know what is the weak point of this issue?
Does Thunderbird have a known bug regarding certificate management that triggers these error messages?
Or, is it an issue with my host?

I'm just trying to figure things out.


Regards,
C.E.

[Rod Whiteley]

I think the next thing to do is to remove RMD, record the serial number of the certificate, and wait for it to go wrong again. The next day, erase the certificate and get the new one, and compare its serial number with the previous one. If they are different, then Thunderbird is lying and you can file a bug report in Bugzilla, attaching the certificates to help the developers reproduce the problem. If they are the same, then the host is issuing invalid certificates.

[Baiyian]

I'll follow your instruction, Rod, and I'll update this thread later.

Support from my host said: "The certificate doesn't get changed by us. You see that after removing the existing certificate which is saved in Thunderbird and then suddenly the same certificate works and Thunderbird accepts it. If the certificate has issues Thunderbird shouldn't ever accept it at all. I searched on google and found many other people suffering from the same error message and all of them use Thunderbird. No complaints from users using other mail clients. The resolution in all those threads was to remove the certificate in Thunderbird and then try again."

In Tools/ Account Settings/ the Outgoing Server (SMTP) section, I noted that under Security & Authentication I've set Use secure connection to: TLS, if available instead of No. Could this be the reason for these error messages?

Nevertheless, I'll follow Rod's suggestion and see what happens.

Cheers,
C.E.

[johnbrid]

I am having similar problems . I run 5 different email accounts and only one has strated having problems. It never used to. I get the same error messages about certificates but I don't even use certificates. I can recieve mail Ok, just not send it. It is very annoying and i do not know what to do. Go back to outlook express?? Surely not!!!! It seems to be tied up with ns6.sovdns.com certificate whatever that is. Can anybody help?

[johnbrid]

I think I have a partial solution although the problem seems to lie with thunderbird.

It seems to be to do with a file called cert8
There are two copies
File 1: One in C:\Documents and Settings\”yourname”\Application Data\Thunderbird
( seems fairly blank if you open it with notepad)
File 2: One in your personal profile which I think is the one thunderbird uses
C:\Documents and Settings\”yourname”\Application Data\Thunderbird\Profiles\nmo47mig.default Your 8 characters will be different
( this appears to have certificates in if you open it with notepad)
The solution for me was to rename file2 (so I could restore it if all went wrong) and to make a copy of file 1 into the second position to take over from file2.

It still asked me about certificates but it would send. Try it . Hope it helps.

[-LP-]

hm..
Johnbird: I only have one version of this cert8-file, and it is in the location of your file 2. I find no such file in the location you suggest for file 1...

[Joel Gerlach]

I have experienced the same problem. My email account was working with Thunderbird for excess of ten months when suddenly it gave me that error message. I set up my POP3 account in Outlook and it sends and receives fine. This is a problem associated to Thunderbird, and as a lot of people are experiencing this problem, there should be an inquiry as to how to fix it. Has anyone else discovered a solution? Thanks.

~jace

[Joel Gerlach]

I noticed that SSL was enabled in Account Settings->Outgoing Server (SMTP) because SSL has to be enabled with my server. If I clock on any other method it fails in the connect to the server. Is the SSL or TLS the problem?

[BocaBoca]

One of our sales associates with having this problem, so I sat down at his desk this morning and did this:

Once in Thunderbird, I clicked on the TOOLS menu and went down to OPTIONS.

Once the options window opened, I clicked on the SECURITY tab, then on the VIEW CERTIFICATES button.

I then clicked on the WEB SITES tab. Our ISP was listed on this page, showing a folder with an entry underneath. I deleted the entry, clicked OK when the warning came up and then OK to close that window.

I clicked on the VERIFICATION button then to make sure it was set for "Do not use OCSP for certificate verification."

Once I was done with that, I sent out a test e-mail. A warning came up and I simply clicked on the option to accept the certificate permanently. That appears to have fixed the problem.

The big mystery is what broke it in the first place. *shrug*

BB

[Joel Gerlach]

It worked for me! Finally a solution!!! Thank you very much!

~Joel

[Baiyian]

[THREAD UPDATE]

Previously, I tried to change settings in the SMTP. In Tools/ Account Settings/ the Outgoing Server (SMTP) section, under Security & Authentication I've set Use secure connection to: No instead of TLS if available. This solved my problem.

I've updated all my SMTP settings and selected No. No more issue.

Recently, as a test, I returned to my old settings SMTP to TLS if available and it's working at the moment. I still have to give it some time to test it but I'll be back and post my results.

Where the issue lies, I have no clue. For the moment, it's working and I'm keeping my fingers crossed.


Cheers,
C.E.