Thunderbird Community Forum

Server Posteingang IMAP (empfohlen) imap.vodafonemail.de Ports für Posteingang IMAP SSL: 993 / TLS: 143

Server Postausgang SMTP smtp.vodafonemail.de Ports für Postausgang SSL: 465 / TLS: 25 oder 587

When adding a new email account, the built-in web browser launches and displays the OAuth screen. To verify the security of the destination site, I want to click the green lock icon in the URL bar to check the details, but I can’t click it.

Does a green lock icon mean a secure connection has been established?

Am receiving a message reading-

The certificate for imap.gmail.com does not come from a trusted source.

Why do I suddenly (from one day to another) receive the message: "Das Zertifikat für imap.gmail.com stammt nicht von einer vertrauenswürdigen Quelle."

when trying to downlowd messages from Gmail?

I have not changed anything at all.

Hello,

I am writing this message in regards to Thunderbird's GPG support after v68, in the last hope that someone suggests a solution that moves me away from version 68. I consider the current state broken.

My PGP keys reside on a Yubikey, but smartcard usage has been broken after v68, as none of the supposedly correct setups work. It should work pretty much out of the box, but it doesn't. The whole idea of moving away from Enigmail without having a properly, fully implemented support, including for smartcards, or at least for working with GPG, was utterly misguided, IMO, and broke the once nice client.

I enabled gpg usage and fetching in Settings, I imported my pubkeys to Thunderbird's PGP manager, then added my external key (with GPG). Everything looks fine. But when I click an encrypted message, I get "The secret key that is required to decrypt this message is not avaliable". Nah, it's available and it's there! The pinentry isn't appearing at all and this is the result. I believe this is TB's fault, as the pinentry correctly appears with everything else I do, also with TB 68 + Enigmail. The setup is the same. I am using the latest Gpg4win.

Settings:

mail.openpgp.allow_external_gnupg - true mail.openpgp.fetch_pubkeys_from_gnupg - true mail.openpgp.alternative_gpg_path - has no effect whether set or not

gpg-agent.conf:

enable-win32-openssh-support default-cache-ttl-ssh 900 max-cache-ttl-ssh 1800 no-allow-external-cache default-cache-ttl 300 max-cache-ttl 3000 ignore-cache-for-signing allow-loopback-pinentry

gpg.conf:

utf8-strings auto-key-locate local use-agent

FYI, adding "pinentry-program" has no effect on solving the problem, whether set or not.

Your suggestions are welcome!

On my Linux machine, I exported the public key for an email address in Thunderbird 140.8.0esr (64-bit) into a file. I transferred the file to my Windows 11 machine via Warpinator.

On the Windows machine I am running Thunderbird 148.0.1 (64-bit). In Account settings>End-to-End encryption, I click Add Key>Import an existing OpenPGP key>Select File to import, and then I select the file.

I get an error message: Error! Failed to import file.

I'm surprised. I would think that going from one installation of Thunderbird to another would work this way. I am concerned that I won't be able to read incoming encrypted emails without the key working.

Can someone help me?

I receive a lot of Thunderbird messages with this text (in French) :

"Le certificat pour imap.gmail.com ne provient pas d’une source sûre."

What I have to do please Thnx

Running Thunderbird 140.8.0esr 64bit Windows 11 Home, v25H2 932GB storage 32GB ram i7-13700k

Recently, I've started getting the following message every time I launch Thunderbird: "The certificate for imap.googlemail.com does not come from a trusted source."

Digging into details I get: "you are about to override how Thunderbird identifies this site" "Location: imap.googlemail.com:993" "This site attempts to identify itself with invalid information" "Unknown Identity. The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature."

Digging deeper into the certificate I find the issuer is Bitdefender who I use for antivirus and VPN. However, the VPN shows no effect when enabled or disabled. The validity period is 2 Feb 2026 to 27 Apr 2026

l can get email, but cant send it. Is Bitdefender at fault?

I'm stumped. What should I do???

Thunderbird 140.7.0esr allows me to e-mail my OpenPGP public key to myself, but it doesn't seem to have any way for me to get access to my private key. I was wondering how to export keys? Thanks!

I am using a E-mail server that uses LetsEncrypt certificates. I was using Thunderbird 128 ESR without problems. When the certificate was updated, I was requested to confirm - then sending E-mails was possible. Now I have updated to Thunderbird 140 ESR. The E-Mail servers LetsEncrypt certificate was now updated but in Thunderbird I do not get any information about this, nor get I requested to check the new certificate. The SMTP connection just fails. The IMAP access to the E-mail server works fine. (IMAP and SMTP work both fine with K9-Mail on my mobile device)

How can I get Thunderbird to ask me again to check the updated certificate?

I'm using Thunderbird 140.5.0esr. I have a remote email server on a small "linode" and recently had to restore it from a backup.

When opening Thunderbird, I get the message "The certificate for adonax.com expired on 10/29/2025." I've been getting emails up to and including yesterday.

I ran the renewal program (sudo certbot renew) from the command line of my remote server, and was told the certificate did not need renewing. The "expiry date" is shown to be 2026, March 20 when having certbot display the certificate information.

So, there is some sort of disconnect happening in the communications between Thunderbird and the locations of the certificates on my server. I'm hoping for some advice as to how to trace the path. One possibility is that there is a location on my server that is used to connect to the certs and this is holding stale information due to the recent restore done for the remote server. Another is that maybe there is cached information or something else blocking the request from Thunderbird.

From Thunderbird, I am presented with a form "Add Security Exception". This indicates that thunderbird is contacting the location adonax.com:993. I checked the port from the server using UFW and it is open to all. The Thunderbird form however hangs when I hit the "Get Certificate" button, and clicking the "Confirm Security Exception" appears to do nothing. The button "View..." opens a tab with the expired certificate. All the information on the certificate that is displayed by Thunderbird looks good, matches what I have in terms of URLs, but the dates are wrong.

Is there perhaps something blocking thunderbird from using port 993? Is there a way to test that? If 993 is working, I will try to research what is going on there at the Ubuntu end. I tried putting adonax.com:993 in Chrome and got an ERR_UNSAFE_PORT, for what that is worth.

I have 4 emails in Thunderbird, one of those I also have on my phone, it is receiving mail, on my desktop, two of the emails have no email today, and two I have only one email, all should have 10 to 20 or more emails. I do have the emails on the website, but they are not loading onto Thunderbird. I get this message, "The certificate for imap.knology.net is not valid for the server. Someone could be trying to impersonate the server and you should not continue.

 Can you offer any help?

I have 2 emails provided by my ISP (knology), I have received no emails since 7:30 on 12/5, the are on the webmail site. The other 2 emails are gmail accounts they are working fine. I am getting a message, "The certificate for imap.knology.net is not valid for that server. Someone could be impersonating the server, you should not continue."

 The fact that the gmails work and knology does not work is a clue but I don't know what it means.

I have contacted my ISP and after 45 minutes they gave up and said they will escalate and get back to me,

with in a couple days! it was on a Saturday.
                                                         Thank you, Mike

I generated a CSR file via the instructions at https://support.mozilla.org/en-US/kb/instructions-smime-certificate-using-csr#thunderbird:linux:tb145 . After submitting and receiving a certificate from a CA, importing it the People tab of the Certificate Manager does not do anything: nothing new appears in the Your Certificates tab.

Where are the private keys associated to the generated CSRs stored? How can I access them to resolve this?

Running 140.5.0esr via flatpak on Fedora 43 Kinoite.

My e-mail provider has done the annual update of security and provided a new e-mail cert; however, Thunderbird no longer successfully updates it.

Thunderbid gets to the point of confirming the security exception; however, does not proceed.

This is using ThunderBird 140.4.0esr (64-bit) from Ubuntu Snap, on Ubuntu LTS 24.04.3.

I have several iterations of installing SMIME on my email account. I know the pf12 file is valid and it works on all my Android systems. However, when I try to send a digitally signed email on Thunderbird under Ubuntu, I get the message that either the SMIME certificate cannot be found or it has expired even though I went through the correct process to install it (and it shows up on the End to End Encryption settings) and when I display it, it indicates an expiry date of 2027. I have also tried to bundle it with the intermediate certificate but I still get the same error. I even tried to create my own personal SMIME certificate and use it (using SSL) and it had the same issue. Anyone have any suggestions?

This is the error I get: "Sending of the message failed. You specified that this message should be digitally signed, but the application either failed to find the signing certificate specified in your Mail & Newsgroup Account Settings, or the certificate has expired."

Do I need to put the SMIME certificate in a specific folder in order for it to be "re-found"

Hello,

I am moving over to Thunderbird from outlook. I have about 8 emails with two domains. First email works okay. The second one on the same domain has turned red on the left panel and thunderbird keeps poppoing up the certificate for mail.xxx.com is not valid for the server. The other works I added the exception when setting it up. The mail server is another domain used from my cpanel hosting provider. So it does not match the domain of the emails.

I can't seem to find a way around this to get it to work. Also I under account settings it looks correct. I am thinking this error message is the incoming mail server? I don't see under account setting anything for incoming mail server which on my hosting is the same for incoming and outgoing. Appreciate any help.

Thank you!

Over a month ago I began experiencing an error message when attempting to send emails from my gmail account using Thunderbird (TB). Error msg reads: Sending of the message failed. An error occurred while sending mail. The mail server responded: Must issue a STARTLS command first. For more information go to: https://support.google.com/a/answer/3221692 and review RFC 3207 specifications. 00721157ae682-765bb916a90sm38332507b3.4-gsmtp. Please verify that your email address is correct in your account settings and try again.***While I have looked at all of this, I can't really find a solution I know how to implement.***

I can send emails using Google webmail and when I do, the emails show up in my TB Sent items folder. I'm totally stumped and considering moving to Outlook. But TB has been perfect for me for years and I want to stay with it. Any help will be much appreciated!