Intermittent error: Invalid SSL Certificate

[juwin_pt]

I am on Nexus 5, Marshmallow OS, using Aquamail Pro.

I have 2 exchange emails configured on Aquamail. Refresh is not set to be automatic. When I manually request the refresh, one of the email boxes, refreshes without any issues. While the other one, sometimes gives out Invalid SSL Certificate message. The error sometimes goes away, if I try to refresh after a few minutes.

Log is attached. I have replaced the company names with 1234567890 & 0987654321 in the log. It is the email address with 1234567890 that gives me errors.

Thanks,
Juwin

[Kostya Vasilyev]

Thank you for the log.

The error is legitimate.

Looks like the mail server is load balanced (two IP addresses), and the cert on one of them is either self-signed or is not from a CA known to Android.

Please long press the account -> account setup -> Manual

- Change the server address to 116.66.145.30 (this is from your log, you can look it up yourself, say MX Toolbox web site)

OR

- Change "encryption" from "strict" to "accept all".

[juwin_pt]

Thanks very much for the reply. I have tried setting the SSL to "accept any". I will see if this fixes the error and if not, try the other method.

Best Regards, Juwin

[Pcause]

I am getting this as well with the most recent test builds.  It happens on gmail and yahoo using imap.  I hate to set "accept any" becuase of security and MITM.

[StR]

Are you getting the error that says "Invalid SSL Certificate"? Or the error that says that SSL Certificate has changed?

If it is the former, - I am a bit surprised: usually Gmail certs check out fine.

If it is the latter then:
I am not using Yahoo, but I know that Gmail has changed (or in the process of changing) their certificates earlier today.
Yet another user has reported it earlier today on this forum. I also received a notification from Aquamail that the SSL certificate has changed myself.
I assume that it might not be rolled out to all Gmail servers at once, - so depending which server Aquamail gets connected, you might have it jumping back and force for a few hours, but than it should go away.

HTH.

PS. You can read in more detail the FAQ, this item in particular:
'SSL certificate change', Gmail and others
http://www.aqua-mail.com/?page_id=227

[Kostya Vasilyev]

@Pcause: same question, invalid cert or cert change?

For certificates to change, from time to time, is perfectly normal.

And if you asked (cofigured) the app to track the changes, then it will do as requested, notifying about those changes and waiting for you to accept. To do this, tap the error message, then tap the certificate "change" which you deem safe, and "accept".