Is there an error in your Security Certificate?

Discussion in 'Email' started by GroverparkGeorge, May 11, 2019.

  1. For the last week or so, Outlook always complains when I try to open my email account, with the message below:
    upload_2019-5-11_9-45-40.png

    I have attempted to Install the certificate multiple times.

    I have deleted and readded the email account, again multiple times.

    This happens on two different Win 10 Computers. One has Office 2016, the other has Office 2019 installed.

    Is this because of your security certificate? Or is it a bug in Windows/Office?
     
  2. Elshadriel

    Elshadriel Winhost Staff

    It's probably the SMTP/POP3 host/server name you are using in Microsoft Outlook. What host/server name are you using?
     
  3. I'm using whatever was configured by Outlook when I add the account....

    I guess I can check that, but what difference would that make?
    I use IMAP, not POP3. Would that make a difference?
     
  4. ComputerMan

    ComputerMan Winhost Staff

    Sorry,

    You need to update the Incoming and Outgoing host name to use your real mail server URL. This host name can be found in the control panel's Email Manager Section.

    Sites tab > Site account > Email icon.
     
  5. Okay. But first, what is the "real mail server URL" I need to use? The one on the certificate or the one assigned to me by WinHost?

    And, where do I do this? In Outlook?

    As I said, Outlook never gave me a chance to specify any servers. It just found and configured the email account I asked for.
     
  6. I think I figured it out. Thanks.

    I am puzzled, though, as to why Outlook would resolve my account and configure it to work using the mail.XXXXXX.com server name which I have used for years, but it has to have the XXX.internetmailserver.net server to actually recognize the certificate now. What changed? Is it a problem resolving the server name? Or did Microsoft change Outlook?
     
  7. Elshadriel

    Elshadriel Winhost Staff

    Not sure why it was configured using mail.XXXXXX.com. Might have pulled the information from your MX records, but it has to use XXX.internetmailserver.net because that's what the SSL Certificate is bound to (the *.internetmailserver.net domain name, not yours.) It wouldn't have worked with mail.XXXXXX.com.
     
  8. To clarify what did and didn't work.

    I DID set up Outlook for IMAP with my WinHost email accounts using Outlook's automatic configuration. That works.

    However, I had to accept/re-accept the WinHost security certificate every time I started Outlook. Outlook then read/sent/managed all emails as expected. In other words, the problem is only when one simply allows Outlook to find and configure the email account(s) that this conflict occurs--at least that's been the problem for the last few weeks. One day everything was working correctly as it had for years. The next day Outlook stopped recognizing your security certificate and asked me whether I wanted to trust it anyway. No changes on my part. That's why I first hypothesized the cert might not be good. Nothing that I knew of changed on my side.

    In fact, I've used MS Outlook this same way -- mail.XXXX.com or smtp.XXXX.com--for many years, since version 2003 with POP3/SMTP at least. This is the first time this problem appeared and it occurred about a month or so ago.

    Actually, I suspect it's more complicated than it appears on the surface. Perhaps it was a Windows or Office update. We all know how much MS likes to introduce new bugs to offset every new feature update....

    Thanks are in order, though. Your help allowed me to solve the problem. Plus I got to learn something new in the process and that's always a good thing.

    George Hepworth
     
  9. Elshadriel

    Elshadriel Winhost Staff

    Thanks for the information, George. I'm sure it will help out others in the future. I don't know what caused the issue, but you might be right -> that a recent Windows/Office update caused the problem. I wouldn't be surprised since I've experienced my fair share of that happening to me. :)
     
  10. Hi George,
    Just curious if you discovered any more information about why this happened?
    I use the Thunderbird client (not Outlook) to access my site mail and it just today started to have the same certificate problem you describe.
     
  11. Yes, and no.

    I have to reenter the mail server "XXX.internetmailserver.net" periodically because Outlook seems to lose track and revert to "mail.XXXX.com" from time to time. If I just start Outlook, it seems to be okay, but sometimes when I try to respond to an email by hitting "reply" I still get this problem. I know now to reenter "XXX.internetmailserver.net" and move on. Life's too short to get twisted up over it.

    I am still very suspicious because I've had my account here at Winhost for MANY years with no problems in this regard. I.e. mail.XXXX.com worked for the previous five or six years. This problem only appeared in May, 2019, 6 months ago.
     
  12. Thanks for the reply George,
    Ok , I'm going to try making that "XXX.internetmailserver.net" change to my Thunderbird settings.
    I am just cautious, because the Certificate warning says "... could mean someone is trying to impersonate this site"
    ----------------------
    What's strange is that
    In the Winhost Control Panel

    Site Info panel lists this
    SMTP/POP/IMAP: mail.xxxxxxx.com

    And I don't see anyway to change that in Winhost.
     
  13. Ok, just for posterity and anyone else stumbling on this problem. The above solution fixed the problem.
    In Thunderbird I changed Incoming and Outgoing mail servers
    from mail.XXXXX.com
    to "mxx.internetmailserver.net" ('real' server name stored in the site Winhost Control Panel, Email icon)

    No idea how/when the 'real' server name got changed because it used to be mail.XXXXX.com. I know because I recorded it in a text file years ago when I moved the site to winhost. Must have gotten changed by some winhost maintenance cycle.

    Thanks George for this thread.
     
  14. ComputerMan

    ComputerMan Winhost Staff

    Apple and Thunderbird have issued an update to force everyone to use TLS/SSL with their email clients.

    Fortunately we do have a SSL Certificate installed on our mail server that you can use with your email client.

    To get to the new host name. You need to log into the control panel.

    Click
    on Sites tab

    Click on your site account.

    Click
    on Email icon.

    In this case you will need to change your incoming and outgoing host names to: ##.internetmailserver.net
     
  15. Just an FYI to better clarify what is happening, and hopefully for WinHost staff to provide a more technologically correct (and customer-centric) configuration/fix to this issue:

    Your email is hosted on a server named m##.internetmailserver.net The ## portion (or even, legitimately) the whole name could change at any time - the provider (WinHost, in this case) can move your email around for load balancing or failure recovery purposes, or whatever reason.

    It's not reasonable for you to have to change your mail server name every time something happens. Most of us (you and I) set this ONCE (likely YEARS ago) and never touch it again, so we probably don't even remember where to do this, and also don't easily remember where to find out what the current server name is.
    The provider "redirects" things for you so that you can simply specify mail.mydomainname.com (easy to remember) and if they ever change the server your mail is hosted on, they can just change the redirection, too, and you're none the wiser, and it continues to work without you having to change anything.

    Additionally, there's an "autodiscover" feature within the email specs that allows the provider to set certain parameters (like mail server name, and connections ports, and other stuff). If they set up and maintain this, then you never have to know any of this stuff.
    Many email clients (notably, in this case, Outlook) use this feature when you set up your email account so that all you have to do is provide your email address, and it looks up all of the other information required and sets up everything for you, no muss, no fuss. Great.

    So... what happened? Well, you and I should expect WinHost staff to dig a little and find out and fix it. I suspect that something got changed with autodiscover, or perhaps the certificate infrastructure they use.

    In fact, if you reference their KB article on how to encrypt your connection (https://support.winhost.com/kb/a132...en-your-email-client-and-the-mail-server.aspx) they state that you can (should) change your server name from mail.mydomainname.com to m##.internetmailserver.net.

    Not BEST practice, from an ease-of-use perspective, although it IS for stability purposes. But if anything changes, you and I have to maintain it.

    But, again, WHAT HAPPENED? This is not necessarily an Outlook thing, as suggested above. And it's unlikely that something changed in Outlook AND Thunderbird.

    Because the problem is, next time something changes, we will likely be faced with the same problem - no warning or notification, we start getting these errors, get told we can "safely ignore them" (a terrible answer), keep asking questions, getting shrugged shoulders in response, and finally realize what's going on and jump through the hoops of going to our control panel to find out what our new email server is SUPPOSED to be, and then change it in our mail client (on ALL of the devices we use to read mail).

    (caveat - PERHAPS all the mail clients, at the same time, started requiring TLS, and maybe we never were using encryption, but then were forced to. But then, I expect my provider to be aware of such a dramatic shift in the entire market, and let me know. I use autodiscover with all of my email account providers - 5 of them - and this is the only account with an issue)

    I expect more of my provider, and you should, too...
     
  16. JoeB1,
    Thanks for this explanation. I agree 100%.
    Hopefully Winhost staff is listening and will resolve this permanently.
    I spent a lot of time trying to resolve this issue and by the time it happens again I will probably have forgotten the solution.
     

Share This Page