Thunderbird 社区论坛

Dzień dobry, podczas tworzenia wiadomości i próbie zapisania jej na później, otrzymuję komunikat:

Ostrzeżenie Błąd podczas zapisywania szkicu - W Twojej bazie kluczy nie można odnaleźć identyfikatora klucza „0xD3ADE4868E262032”.

Nie potrafię tego naprawić. System iOS na Mac.

Proszę o wsparcie.

Pozdrawiam

I received 2 notifications stating that 1) The certificate for imap.gmail.com does not come from a Trusted Source and 2) You are about to override how Thunderbird Identifies this site. Legitimate banks, stores and other public sites will not ask you to do this. This site attempts to identify itself with invalid information. The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure Signature. I have been with Thunderbird for around 20 years and have contributed to it twice, so please help me!

I have problems every time I try to fetch my imap gmail, with Thunderbird complaining that: "The certificate for imap.gmail.com:993 does not come from a trusted source".

As near as I can tell, imap.gmail.com:993 is still the recommended setting for

Version is Thunderbird 148.0.1 (64-bit). Adding an exception for the missing certificate does not seem to make a bit of difference.

I do not know if the use of Bitdefender as my security and vpn software is a factor. I notice that the certificate (exception certificate?) shown when I click on View Certificate in my gmail account settings appears to mention Bitdefender, so perhaps that's a factor. That certificate looks as follows:

Certificate Subject Name Common Name imap.gmail.com Issuer Name Country US Organizational Unit IDS Organization Bitdefender Common Name Untrusted Bitdefender CA Validity Not Before Mon, 02 Feb 2026 08:37:57 GMT Not After Mon, 27 Apr 2026 08:37:56 GMT Subject Alt Names DNS Name imap.gmail.com Public Key Info Algorithm Elliptic Curve Key Size 256 Public Value 04:2D:20:DA:19:33:1D:AC:28:91:52:02:EB:B8:7E:33:C0:B7:E4:F3:5E:4E:88:92:E5:7E:BB:30:0C:6C:E4:84:A8:3D:D7:49:9B:22:C8:C0:BB:01:80:4B:84:30:3A:3B:73:70:8F:AB:EB:C0:F0:D5:7B:8B:0B:64:1B:DC:76:67:41 Miscellaneous Serial Number 1A:50:ED:15:50:A1:A7:93:5D:05:8A:CD:85:A5:15:FD Signature Algorithm ECDSA with SHA-256 Version 3 Download PEM (cert)PEM (chain) Fingerprints SHA-256 12:8A:58:44:DF:B5:E1:E4:EF:CC:F7:35:09:BA:6E:88:86:16:15:78:F9:28:52:23:FC:0E:E9:69:D1:AF:21:86 SHA-1 A3:30:CB:65:39:51:46:9B:3B:BC:0B:B9:09:DD:26:40:A8:52:25:3D

certificate for imap <edited>@peternedsmith.co.uk is not valid, someone could be trying to impersonate the server and you should not continue, on clicking the more info, on the panel that comes up, if I click on get certificate, the selections below get greyed out and nothing happens, I have viewed the certificate, and it appears to be from the US, I have taken a screenshot of the top part of it, which is below. Regards Peter Smith

DEUTSCH (English see below(:

Hallo zudammen,

Konfiguration: - Window11 25H2 (aktuell) - Thunderbird Beta-6 (BuildID=20260213180051) - gpg2.5.17 (Gpg4Win 5.0.1); siehe auch: <https://www.gpg4win.de/>

Der bisherige und standarmärige Installationspfad von "Gpg4Win": "C:\Progam Diles (x86)\Gpg4Win\" wurde softwareseitig auf: "C:\Progam Diles\Gpg4Win\" geändert!

Bug 1967121 (Closed) => thunderbird148 --- fixed! <https://bugzilla.mozilla.org/show_bug.cgi?id=1967121>

Zur Zeit verfolge ich die Änderungen bezüglich der externen Schlüsselverwaltung in Thunderbird-Beta, da das Arbeiten mit externen Schlüsseln in der esr- und in der relesease-Version von Thunderbird seit der offiziellen Herausgabe von gpg2.5.x absolut nicht mehr möglich ist! Die geheimen Schlüssel für das Entschlüsseln und Signieren werden mit gpg2.5.x nicht mehr gefunden!

In der Schlüsselverwaltung von TB-Beta befinden sich meine öffentlichen Schlüssel und alle öffentlichen Schlüssel meiner Kommunikationspartner. Extern sind meine geheimen Schlüssel gelagert. Folgende Präferenz wurde aufgrund von gpg2.5.x hinzugefügt:

https://assets-prod.sumo.prod.webservices.mozgcp.net/media/uploads/images/2026-02-26-10-04-58-df59be.png

Allerdings erscheint nach all diesen Maßnahmen die Fehlermeldung: "The secret key that's required to decrypt this message is not availlable."

https://assets-prod.sumo.prod.webservices.mozgcp.net/media/uploads/images/2026-02-26-10-05-45-d8280e.png

Mit Herausgabe von Thunderbird/148.0 (release) sind dort die gleichen Probleme mit der externen Schlüsselverwaltung zu bepbachten!

Mit Versionen gpg < 2.5 funktioniert unter Windows alles problemlos!

UNTER LINUX haben hier Änderungen an der Präferenz: "mail.openpgp.load_untested_gpgme_version" nachweislich keinerlei Auswirkungen!

Was übersehe ich?

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ENGLISH:

Hello,

Configuration: - Window11 25H2 (current status) - Thunderbird Beta-6 (BuildID=20260213180051) - gpg2.5.17 (Gpg4Win 5.0.1); see also: <https://www.gpg4win.de/>

The previous and default installation path of "Gpg4Win": "C:\Program Files (x86)\Gpg4Win\" has been changed by the software to: "C:\Program Files\Gpg4Win\"!

Bug 1967121 (Closed) => thunderbird148 --- fixed! <https://bugzilla.mozilla.org/show_bug.cgi?id=1967121>

At the moment, I’m following the changes regarding external key management in Thunderbird Beta, because working with external keys in the ESR and release versions of Thunderbird has become absolutely impossible since the official release of gpg 2.5.x! The secret keys required for decryption and signing are no longer found when using gpg 2.5.x!

In Thunderbird Beta’s key manager, my public keys and all public keys of my communication partners are present. My secret keys are stored externally. The following preference was added because of gpg 2.5.x:

https://assets-prod.sumo.prod.webservices.mozgcp.net/media/uploads/images/2026-02-26-10-04-58-df59be.png

However, even after all these measures, the following error message appears: **"The secret key that's required to decrypt this message is not available."**

https://assets-prod.sumo.prod.webservices.mozgcp.net/media/uploads/images/2026-02-26-10-05-45-d8280e.png

With the release of Thunderbird 148.0 (release), the same problems with external key management can be observed there as well!

With gpg versions **older than 2.5**, everything works flawlessly under Windows!

• • UNDER LINUX**, changes to the preference

"mail.openpgp.load_untested_gpgme_version" have demonstrably no effect at all!

What am I missing?

When my message filter uses the "Reply with Template" action, the reply e-mail is always PGP encrypted, even when I do not have any public key for the recipient e-mail address. As a result, the reply e-mail is always corrupted.

I am using Thunderbird 140.7.1esr on Windows 10.

I have attached a screenshot of what the reply e-mail always looks like.

In the Template that I am using, the "encrypt" button is not selected, and in the OpenPGP menu of the Template, the "Encrypt" menu item does not have a checkmark next to it.

Does anyone know how I can get Thunderbird to send reply e-mails without using encryption?

Hi, With new version 1.143 all accounts are gone, need to re-create my existing mails accoutns (outlook, yahoo, gmail) but all fail on error message "www.mozilla.org uses an invalid security certificate" How to resolve ? Grtz, Jane

Hi. I'm using Thunderbird for my POP account and it has stopped sending messages. It just says, Sending of the message failed. Peer's certificate has expired. The configuration related to (my server name) must be corrected. What am I to do?

I keep getting a certificate error on my Thunderbird. The certificate refers to an email account i no longer have (Personal domain) and i have removed the account in thunderbird, and also removed previous certificate exceptions.

I have been through all menus and settings, and cannot find anywhere where it refers to that domain (and subdomain) I have also removed one entry with that FQDN in the outgoing server section.

What to do?

On Monday, 17 November 2025 the Security Certificate expired and I stopped receiving emails both on my computer and Andriod Device. As a result I am not receiving any emails through Thunderbird, but I can go to email host site to view them.

I logged in my computer tonight and clicked here and clicked there and the error message: "The certificate for mail.homebizmall.net is not valid for that server. Someone could be trying to impersonate the server. Create an exception but this could mean that someone has stolen your certificate and may be able to impersonate you."

So it seems the POP server and the SMTP server certificates were only valid for 3 months and I was FORCED to create the exception for both servers. Now I am worried the security has been breached.

By clicking here and clicking there, I stumbled on a few people who seem to have this problem, but each with their own limitations. My operating System is Windows 10 without the option to upgrade. I have not extended the security updates because I don't understand if it is just the operating system uploading to the cloud or everything on my computer and I am not prepared to do the latter.

Is it safe to leave the band aid on that I have used for the moment? Can I create an exception for the phone? Or is there a glitch that someone needs to walk me through fixing?

Thanking you in advance

Clinton

I am getting an error for an outdated certificate on my mail smtp server and when I try to add a security exception Thunderbird does absolutely nothing when i click the button to add a security exception where I can send mail. I end up having to cancel the window and discard my email. It will also not go view the certificate and if you ask it to check it just hangs up forever in and endless loop of checking.

Sending an email produces the following:

"Send Message Error Sending of the message failed. Unable to communicate securely with peer: requested domain name does not match the server’s certificate. The configuration related to mail.sinnamonlaw.com must be corrected."

After I click OK, the screenshot attached shows up.

Please advise, thank you!

Hi,

I’m using Thunderbird on Windows and recently ran into a certificate warning that I can’t safely interpret, even after searching the web and using AI tools (which gave me inconsistent answers).

Thunderbird tries to connect to the iCloud contacts server p123-contacts.icloud.com (CardDAV). When it does, I get a “wrong site” certificate error. When I click “View certificate”, Thunderbird shows a valid certificate, but not for Apple/iCloud – it’s for login.kraftcom.de (issued by DigiCert / GeoTrust TLS RSA CA G1). I did not accept the exception.

From what I can see online, p123-contacts.icloud.com is a legitimate Apple domain, but it is also mentioned in some phishing / scareware contexts, which makes me even more unsure how to interpret this combination (Apple host + Kraftcom certificate). I’m also not sure whether this is simply a captive-portal / ISP login interception effect or something that should worry the wider community.

My questions:

Is this behavior expected in any scenario, or does it indicate a misconfiguration / MITM situation that Thunderbird should treat as a serious security issue?

Is there anything I should check or change on my side (Thunderbird config, network, ISP, certificates)?

Is there any additional diagnostic information I can provide (logs, screenshots) that would help you assess whether this is a Thunderbird issue or a network/ISP issue?

I specifically did not confirm the certificate exception and I would like to keep my setup secure, but I also want to make sure the community is aware if this is a broader problem.

Thanks in advance for any guidance

When someone sends me a msg, it displays along with the HTTP equivalent? Trying to figure out what setting is out of Wack such that I ses the HTTPS display of the message? Thanks

From Microsoft: "Recent Outlook Mobile updates introduced a stricter and more standards-aligned S/MIME message structure. The messages themselves are valid, but some third‑party mail clients such as Thunderbird do not fully support the way Outlook mobile structures the encryption. As a result, these clients may display a blank message body even though the encrypted content is present.

As a workaround, if you need to send encrypted mail to recipients who use third‑party clients, use Outlook desktop or Outlook on the web instead of Outlook mobile. These versions generate encrypted messages in a format that is more widely supported. "

I couldn't find this reported anywhere in these forums. Is there a solution being worked on to address this issue? Or has anyone found a workaround? We are stuck with using the Outlook app until the Thunderbird app supports S/MIME.

I am getting this message when I try to send email. All of my settings are correct. 'Sending of the message failed. Unable to communicate securely with peer: requested domain name does not match the server’s certificate.