SSL cert renewed, POP Peeper still getting old one

Email-related messages: Mail service provider announcements, general help, other
Post Reply
nut
Posts: 16
Joined: Wed Sep 15, 2010 8:25 pm

SSL cert renewed, POP Peeper still getting old one

Post by nut »

I own my own domain, mainly for the email service. My irresponsible web host allowed the SSL certificate on the shared domain to expire the other day, breaking just about everything, including web-based email and IMAP.

They renewed the certificate later that day, and since then I've been able to access web-based email. But none of my email clients work. POP Peeper on my Windows PC and my Android email client are still getting the old, expired cert, and throwing errors. My wife's iPhone seems to be doing the same.

I know the workaround (bypass certificate validation or add an exception), but why on Earth would the email clients still be getting the old certificate, if the website has a new one?
Last edited by nut on Tue Jun 22, 2021 7:58 am, edited 1 time in total.
User avatar
mjs
Moderator
Posts: 1890
Joined: Sun Jul 17, 2011 2:36 am

Re: SSL cert renewed, POP Peeper still getting old one

Post by mjs »

Jeff will be back from vacation on the 25th of June - I would suggest for now you continue to use the "Exceptions" workaround that you mentioned (as you are presumably doing now) until he gets back to address this issue for you. Perhaps Jeff will simply send you an updated pem file (cacert-full.pem file) to replace the pem file you are currently using (that typically resides in the "Program Files" > "POP Peeper" > "SslCerts" folder).

The only POP Peeper help I have been able to find on this topic FWIW is referenced under POP Peeper "Help" - Configuration Options ("Help">"Contents...">Search for "Certificates" - Select "PpTweaker:Certificates").

There are a couple of FAQ error references on this subject listed under "Common Errors":
1) https://www.esumsoft.com/products/pop-p ... selfsigned
2) https://www.esumsoft.com/products/pop-p ... memismatch

What is the error that you are getting?

Note: Whenever you get errors we recommend that you provide the Error Overview info in your forum reply (this will help us to know more about what the problems may be for any accounts that have errors). If you are not familiar with how to post the error overview information then please refer to this topic: PP error messages: How to view them & copy/paste into your post.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
nut
Posts: 16
Joined: Wed Sep 15, 2010 8:25 pm

Re: SSL cert renewed, POP Peeper still getting old one

Post by nut »

In PPtweaker, I always had "SSL certificate validation" and "Hostname matching" enabled, with no exceptions defined. This worked fine until my host's SSL certificate expired.

Now, if I add the host name as an exception (or of course if I disable "SSL certificate validation" entirely), it works fine. But if I run PP as I always did (which is what I want), I get "SSL connection failed - certificate failed: certificate has expired".

If I try to send email with that configuration, I get "Could not connect to SMTP server". Sending email works fine with the host name exception.

Again, my web host says it has renewed the SSL certificate, and that appears to be the case. I am baffled as to how all my email clients (because this is not restricted to POP Peeper) are still pulling in the expired certificate.
User avatar
mjs
Moderator
Posts: 1890
Joined: Sun Jul 17, 2011 2:36 am

Re: SSL cert renewed, POP Peeper still getting old one

Post by mjs »

Have you restarted POP Peeper or actually better yet done a reboot of your computer?
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
nut
Posts: 16
Joined: Wed Sep 15, 2010 8:25 pm

Re: SSL cert renewed, POP Peeper still getting old one

Post by nut »

Yes I have done both--restarted POP Peeper and rebooted.

I don't think this is a POP Peeper issue; that's why I put it in the generic "Email" forum. I'm seeing the same issue on Android and iPhone. My suspicion is that the host has messed something up, but I don't know what.
nut
Posts: 16
Joined: Wed Sep 15, 2010 8:25 pm

Re: SSL cert renewed, POP Peeper still getting old one

Post by nut »

And *POOF* like magic, all of my email clients suddenly and simultaneously began working again!

Why, it's as if the web host *DID* screw something up, even though they blamed me and made me waste hours of my time chasing my tail.

Not annoying at all, nope.

Thanks for the help!

I'd still like to know what happened. My guess is that IMAPS clients pull in certificates differently than HTTPS clients, and the host had simply neglected to update the former. The web host sure as hell isn't going to tell me what happened, though.
User avatar
mjs
Moderator
Posts: 1890
Joined: Sun Jul 17, 2011 2:36 am

Re: SSL cert renewed, POP Peeper still getting old one

Post by mjs »

Good to hear at least all is ultimately working again finally =D> ... And just as you surmised it was clearly not a POP Peeper issue - Jeff will probably have some ideas on what ultimately happened. :-k

Obviously understandably frustrating experience!... for sure! ](*,)

Thanks for reporting back the good news!
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Post Reply