One account forgets certificate exception after reboot
Context: Windows 11 23H2, Thunderbird Portable (102.15.1, stubbornly declining updates until the Supernova IU starts looking tolerable), Avast Antivirus. Multiple email accounts on various servers, all POP3.
For the last several months (not sure when it started, but I first took a screenshot in October 2024, so perhaps that was the first time), after each time I reboot my PC, the first time I send an email using one particular account will trigger a complaint about a bad certificate, which is probably caused by Avast getting in the middle of the process. Clicking "View..." opens a tab with certificate information. I'm attaching screenshots.
I assume my other accounts also had a similar complaint when they were first used, but it has been a long time since I added a new account and they are all quiet now. But on this account, I get it the first time I send mail (normally a reply to someone else - this is not my default account for new messages) after each reboot. When I click "Confirm Security Exception" with the "Permanently store this exception" checkbox checked, the next thing I get is "Send Message Error" (see the third screenshot), then I click OK, and then I can hit "Send" again and the message is sent with no complaints. Then I can also send future messages with no complaints until the next time I reboot. (I don't reboot often - normally just when Windows needs to do an update.) This is the only account on Dreamhost (others are InMotion or Google), but other than that, there is nothing special about it, as far as I know. Why is it forgetting my "permanent" exception? Is there a setting somewhere that I should look for?
I just now tried following the instructions on this page: https://support.avast.com/en-us/article/troubleshoot-invalid-antivirus-email-certificate But it says, "This certificate is already installed as a certificate authority." Perhaps that is because I have already gone through the process for this reboot cycle, but if TB needs a new Avast certificate or exception each time I reboot (due to something changing in Avast, perhaps), I'd think the first email I send through any server would ask for the exception, but it's never any other account - just this one Dreamhost one. Fortunately it's just an inconvenience, not a showstopping problem, but it would be nice to solve it eventually.
All Replies (3)
The cert generated dynamically by Avast is for *.dreamhost.com or dreamhost.com. However, TB is trying to access the server sub5.mail.dreamhost.com. So there is no match, and therefore you do get the error message as per your third screenshot. You're prompted to create an exception because Avast will generate a new cert after every reboot.
I'd disable the silly SSL/TLS scanning in Avast. Or better yet, get rid of Avast altogether, and stick with Microsoft Defender.
If Avast is generating a new cert each reboot, why aren't my other accounts giving the same message? And why don't I get similar complaints when TB connects to POP incoming mail?
As for turning off stuff instead of troubleshooting it, I don't see a way to disable only SSL/TLS scanning in mail without disabling scanning of outbound mail entirely. That might be fine, as Thunderbird wouldn't be sending junk unless it gets hacked, so I just now did that. But I still want to understand what's going on, for education at least.
If Avast is generating a new cert each reboot, why aren't my other accounts giving the same message?
The problem is specific to your dreamhost.com account due to the way Avast dynamically generates the cert for that account. The other accounts do not have that problem.
And why don't I get similar complaints when TB connects to POP incoming mail?
I don't know. Presumably the answer is in your account settings and/or the way you use that account. But I'm not going to speculate.
You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.