Author Topic: Suddenly impossible to synchronize my inbox with Freenet.de  (Read 4657 times)

Nevs

  • Newbie
  • *
  • Posts: 3
Suddenly impossible to synchronize my inbox with Freenet.de
« on: March 20, 2017, 12:03:10 am »
Dear AquaMail specialists,

it is not possible for me to synchronize my freenet mail account with AquaMail (to check wether there are new mails ) since 06.03.2017. I never changed the account data i. e. I left it as before. If I’m gonna to synchronize, AquaMail always gives me a message like that in German: “Fehler Nachrichten werden synchronisiert: Ungültiges Sicherheitszertifikat (SSL): java.security.cert.CertPathValidatorException: Trust anchor for certification path not found..". I try to translate the German words as follows: “Error while Messages will be synchronized: Invalid security certificate (SSL): …” Sending messages via AquaMail is o. k.

Account settings in AquaMail:
Server-Type: IMAP
Servername: mx.freenet.de
Authentication type: STARTTLS (streng)
Server-Port: 143

SMTP-Server-Name: mx.freenet.de
Authentication type: STARTTLS (streng)
Server-Port: 587

All these settings worked fine before the 6th of March 2017.
There are no problems while using an email client like Thunderbird on my PC (same settings as above)

Any ideas are welcome – I’m really despaired of it  :'(

Thank you so far.

Best regards
Nevs

Nevs

  • Newbie
  • *
  • Posts: 3
Re: Suddenly impossible to synchronize my inbox with Freenet.de
« Reply #1 on: March 20, 2017, 12:59:24 am »
Hi Paris Geek,

Thanks a lot for your suggestions. I tried several combinations with different authentication types and ports but still no synchronisation possible.
It's a very strange thing because Freenet recommends the above settings and they did work until noon at the 6th of March!???

Best regards
Nevs

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12740
Re: Suddenly impossible to synchronize my inbox with Freenet.de
« Reply #2 on: March 21, 2017, 08:46:33 pm »
Freenet recently missed updating their SSL certs, letting them expire (a couple of weeks ago).

Now they've updated the certs, but they used as CA that some Android versions don't know about.

Please use:

Same server name

For IMAP (incoming): security SSL (accept any) and port 993
For SMTP (sending): security SSL (accept any) and port 465

The "accept any" will bypass Android not being able to validate the cert.
Creating debug logs for diagnostics: https://www.aqua-mail.com/troubleshooting/

The official FAQ: https://www.aqua-mail.com/faq/

Лог-файлы для диагностики: https://www.aqua-mail.com/ru/troubleshooting/

Вопросы и ответы: https://www.aqua-mail.com/ru/faq/

Nevs

  • Newbie
  • *
  • Posts: 3
Re: Suddenly impossible to synchronize my inbox with Freenet.de
« Reply #3 on: March 23, 2017, 02:14:38 pm »
Hi Kostya,

thanks a lot for your help and explanations. Your suggestion works even if I
use STARTTLS (strong), Port 587 for SMTP?!
Btw. isn't it a little bit insecure to use "accept any"?

Best regards
Nevs

Kostya Vasilyev

  • Hero Member
  • *****
  • Posts: 12740
Re: Suddenly impossible to synchronize my inbox with Freenet.de
« Reply #4 on: March 24, 2017, 10:11:13 pm »
Re: Btw. isn't it a little bit insecure to use "accept any"?

Yes it is less secure than "strict" because that skips CA validation.

It was Freenet's decision to use a cert that just happens to not pass validation on older Android version, not ours.
Creating debug logs for diagnostics: https://www.aqua-mail.com/troubleshooting/

The official FAQ: https://www.aqua-mail.com/faq/

Лог-файлы для диагностики: https://www.aqua-mail.com/ru/troubleshooting/

Вопросы и ответы: https://www.aqua-mail.com/ru/faq/