Do you have TB 78.4 or later? There was a fix for self-signed certificates in that version:

https://www.thunderbird.net/en-US/thunderbird/78.4.0/releasenotes/

What is the antivirus on the non-working systems? Programs like Avast that scan SSL connections often cause problems.

Unfortunately, people are having problems with the latest version of Thunderbird (so v78.4.3).

I doubt it's related to the antivirus we use (NOD32); it's never interfered with sending email before version 78, one person with Outlook installed on the same laptop was able to send emails using Outlook but not Thunderbird, and I don't really see how a conflict with an antivirus program would result in Thunderbird displaying the message "Certificate key usage inadequate for attempted operation".

Do you get an exception prompt to override the error?

Try to inspect the troubled cert. Does it have any 'X509v3 Key Usage' or 'X509v3 Extended Key Usage' extensions? What are they?

Unfortunately, people are having problems with the latest version of Thunderbird (so v78.4.3). I doubt it's related to the antivirus we use (NOD32); it's never interfered with sending email before version 78, one person with Outlook installed on the same laptop was able to send emails using Outlook but not Thunderbird, and I don't really see how a conflict with an antivirus program would result in Thunderbird displaying the message "Certificate key usage inadequate for attempted operation".

You can put your doubts to rest by running Windows in safe mode, and then see if the error message still appears in TB.

Thank you for your suggestions!

Try to inspect the troubled cert.

Inspect how? I tried viewing it in Thunderbird's certificate manager, but I didn't see anything related to "X509".

run Windows in safe mode, and then see if the error message still appears in TB.

I started one of the laptops in question in Safe Mode with Networking, but we couldn't get any internet connection in Safe Mode and so couldn't test Thunderbird.

Thank you for your suggestions! run Windows in safe mode, and then see if the error message still appears in TB. I started one of the laptops in question in Safe Mode with Networking, but we couldn't get any internet connection in Safe Mode and so couldn't test Thunderbird.

Can you run in safe mode with networking over wifi by following these instructions?

One user managed to get networking to work in safe mode. Safe mode made no difference for the problem; the error message is still "Certificate key usage inadequate for attempted operation. The configuration related to [mail server] must be corrected".

What about trying this: Menu icon > Options > Privacy & Security scroll down to 'Security' section Under 'Certificates' - click on 'Manage Certificates' button Select 'Authorities' tab selected the relevant Certificate and click on ‘Edit Trust’

Try to inspect the troubled cert. Inspect how?

If you get an exception prompt to override the cert error, you can press the 'View' button' to inspect the cert.

You didn't answer the question whether you get an exception prompt in the first place.

Editing the trust settings didn't make any difference.

There's no exception prompt. (Sorry about missing that question.)

I'd suggest you raise a bug in Bugzilla. https://bugzilla.mozilla.org/

This kind of problem has happened in the past, and it was somehow fixed at that time.