Все продукты: форум сообщества

I have suddenly started to receive this message when I open Thunderbird "Certificate for IMAP Gmail does not come from a trusted source". When I click on this message I get the attached screenshot.

I've gone through the forums by I can't understand what it is written. It seems like everything that is written is designed for people who have a good understanding of technology. I don't but I was able to determine that the OAuth is properly set.

I am using 128.14.0esr (64-bit) Thunderbird for Linux Mint mint-001 - 1.0 Updates disabled by system administrator Currently on the esr update channel

Hi,

I’m using Thunderbird on Windows and recently ran into a certificate warning that I can’t safely interpret, even after searching the web and using AI tools (which gave me inconsistent answers).

Thunderbird tries to connect to the iCloud contacts server p123-contacts.icloud.com (CardDAV). When it does, I get a “wrong site” certificate error. When I click “View certificate”, Thunderbird shows a valid certificate, but not for Apple/iCloud – it’s for login.kraftcom.de (issued by DigiCert / GeoTrust TLS RSA CA G1). I did not accept the exception.

From what I can see online, p123-contacts.icloud.com is a legitimate Apple domain, but it is also mentioned in some phishing / scareware contexts, which makes me even more unsure how to interpret this combination (Apple host + Kraftcom certificate). I’m also not sure whether this is simply a captive-portal / ISP login interception effect or something that should worry the wider community.

My questions:

Is this behavior expected in any scenario, or does it indicate a misconfiguration / MITM situation that Thunderbird should treat as a serious security issue?

Is there anything I should check or change on my side (Thunderbird config, network, ISP, certificates)?

Is there any additional diagnostic information I can provide (logs, screenshots) that would help you assess whether this is a Thunderbird issue or a network/ISP issue?

I specifically did not confirm the certificate exception and I would like to keep my setup secure, but I also want to make sure the community is aware if this is a broader problem.

Thanks in advance for any guidance

certificate for imap <edited>@peternedsmith.co.uk is not valid, someone could be trying to impersonate the server and you should not continue, on clicking the more info, on the panel that comes up, if I click on get certificate, the selections below get greyed out and nothing happens, I have viewed the certificate, and it appears to be from the US, I have taken a screenshot of the top part of it, which is below. Regards Peter Smith

I generated a CSR file via the instructions at https://support.mozilla.org/en-US/kb/instructions-smime-certificate-using-csr#thunderbird:linux:tb145 . After submitting and receiving a certificate from a CA, importing it the People tab of the Certificate Manager does not do anything: nothing new appears in the Your Certificates tab.

Where are the private keys associated to the generated CSRs stored? How can I access them to resolve this?

Running 140.5.0esr via flatpak on Fedora 43 Kinoite.

I have 2 emails provided by my ISP (knology), I have received no emails since 7:30 on 12/5, the are on the webmail site. The other 2 emails are gmail accounts they are working fine. I am getting a message, "The certificate for imap.knology.net is not valid for that server. Someone could be impersonating the server, you should not continue."

 The fact that the gmails work and knology does not work is a clue but I don't know what it means.

I have contacted my ISP and after 45 minutes they gave up and said they will escalate and get back to me,

with in a couple days! it was on a Saturday.
                                                         Thank you, Mike

Hello,

I have read this one https://support.mozilla.org/en-US/kb/openpgp-thunderbird-android-howto and I was aiming for additional detailed info on a specific step in the "Select an encryption key or create a new key" section.

From Thunderbird Desktop I can already send/receive encrypted emails from a specific email account and I have exported, on my laptop, my private and public keys as well as the public keys of some contacts.

On my Android phone I have Thunderbird for Android (version 14) already set up for the same email account and, in order to start using email encryption, I understood from the above link that I first need to install OpenKeychain and then, from the image in step 2 of "Select an encryption key or create a new key" and from the text of the subsequent step 3, that I'll need to choose "I already have a key. Import end-to-end key from other device" and then, if I got it right, try to find the keys which I exported on my laptop from Thunderbird Desktop.

Are there any precise details on how to find those exported keys and load them into OpenKeychain? Meaning, for instance, do I need to copy/paste the keys from my laptop into the archive of my Android phone and then direct Thunderbird/OpenKeychain to that location to pick them up?

Any type of details/links/docs/videos with respect to this, will be useful. As well as any explanations in case I understood wrongly and what I am trying to do is not the proper way to proceed.

Please note: I am not an expert.

Thank you

Best Regards

I am using an email server that currently is using certificates that have expired. That problem is being worked on. In the meantime, whenever I access the server to open a folder, I get a pop-up notification telling me that the certificate has expired. I go ahead and confirm the security exception and check the box to permanently store the exception. Trouble is this ISN'T being persisted, when I open a different folder I have to go through this process again in order to access my emails in that folder.

Me thinks you got a bug in your software Kemosabe!

Thunderbird says this "the certificate for imap.supanet.com does not come from a trusted source". however I have used this email for some time and am happy with it . can I continue with this certificate as I do trust this source

A couple months ago, I asked internet provider to discontinue service. I continued to get emails from their server anyway. In fact, I think I am continuing to get some from them but appears they maybe forwarded to my gmail address instead of iowatelecom.net address that I was using. Now, when Thunderbird downloads my emails, first thing that pops up is a message saying "The certificate for imap.iowatelecom.net is not valid for that server. Someone could be trying to impersonate the server and you should not continue." Then, it gives me the little box with "Dismiss", that I can check. It will go ahead and download my emails into the gmail folder. The iowatelecom.net folder is in RED and no emails are going to that folder. Can I or should I get rid of the iowatelecom.net folder and if so, how should I proceed. Just don't want to mess everything up. Thanks for the help.

I'm using Thunderbird 140.5.0esr. I have a remote email server on a small "linode" and recently had to restore it from a backup.

When opening Thunderbird, I get the message "The certificate for adonax.com expired on 10/29/2025." I've been getting emails up to and including yesterday.

I ran the renewal program (sudo certbot renew) from the command line of my remote server, and was told the certificate did not need renewing. The "expiry date" is shown to be 2026, March 20 when having certbot display the certificate information.

So, there is some sort of disconnect happening in the communications between Thunderbird and the locations of the certificates on my server. I'm hoping for some advice as to how to trace the path. One possibility is that there is a location on my server that is used to connect to the certs and this is holding stale information due to the recent restore done for the remote server. Another is that maybe there is cached information or something else blocking the request from Thunderbird.

From Thunderbird, I am presented with a form "Add Security Exception". This indicates that thunderbird is contacting the location adonax.com:993. I checked the port from the server using UFW and it is open to all. The Thunderbird form however hangs when I hit the "Get Certificate" button, and clicking the "Confirm Security Exception" appears to do nothing. The button "View..." opens a tab with the expired certificate. All the information on the certificate that is displayed by Thunderbird looks good, matches what I have in terms of URLs, but the dates are wrong.

Is there perhaps something blocking thunderbird from using port 993? Is there a way to test that? If 993 is working, I will try to research what is going on there at the Ubuntu end. I tried putting adonax.com:993 in Chrome and got an ERR_UNSAFE_PORT, for what that is worth.

Hi I just wondering that if the developer of Firefox can make or improve more about personality and security online I hope they can make The possibility to encrypt browser with browser more like you are of another browser to encrypt into one

I have 4 emails in Thunderbird, one of those I also have on my phone, it is receiving mail, on my desktop, two of the emails have no email today, and two I have only one email, all should have 10 to 20 or more emails. I do have the emails on the website, but they are not loading onto Thunderbird. I get this message, "The certificate for imap.knology.net is not valid for the server. Someone could be trying to impersonate the server and you should not continue.

 Can you offer any help?

Hello, My SMTP server uses Let's Encrypt certificate. The website with the same domain has no certificate. Thunderbird refuses to connect to my SMTP server. Test connection to the server (STARTTLS) in account settings sais "The secure connection to the server failed" (or similar. I see bg localization). Another server with Let's Encrypt certificate. Test pases. Clicking View certificate shows webserver cert (from DigiCert Inc).

I can't send emails! :)

Regards! Valentin

Hello,

I just did a full windows defender scan and it turns out Trojan:Script/Wacatac.H!ml popped up when it was done and it said the files affected were:

containerfile: C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\.default-release\cache2\entries\InsertHashHere

file: C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\.default-release\cache2\entries\InsertHashHere->(GZip)

I removed the hashes or whatever they were behind the entries, I was wondering if this was a false positive? I didn't notice any slowed down or hacked accounts, also windows defender quarantined it. I've also reinstalled Firefox and deleted all folders associated with Mozilla in AppData.