Page 1 of 1

SSL cert renewed, POP Peeper still getting old one

Posted: Mon Jun 21, 2021 10:28 pm
by nut
I own my own domain, mainly for the email service. My irresponsible web host allowed the SSL certificate on the shared domain to expire the other day, breaking just about everything, including web-based email and IMAP.

They renewed the certificate later that day, and since then I've been able to access web-based email. But none of my email clients work. POP Peeper on my Windows PC and my Android email client are still getting the old, expired cert, and throwing errors. My wife's iPhone seems to be doing the same.

I know the workaround (bypass certificate validation or add an exception), but why on Earth would the email clients still be getting the old certificate, if the website has a new one?

Re: SSL cert renewed, POP Peeper still getting old one

Posted: Tue Jun 22, 2021 12:25 am
by mjs
Jeff will be back from vacation on the 25th of June - I would suggest for now you continue to use the "Exceptions" workaround that you mentioned (as you are presumably doing now) until he gets back to address this issue for you. Perhaps Jeff will simply send you an updated pem file (cacert-full.pem file) to replace the pem file you are currently using (that typically resides in the "Program Files" > "POP Peeper" > "SslCerts" folder).

The only POP Peeper help I have been able to find on this topic FWIW is referenced under POP Peeper "Help" - Configuration Options ("Help">"Contents...">Search for "Certificates" - Select "PpTweaker:Certificates").

There are a couple of FAQ error references on this subject listed under "Common Errors":
1) https://www.esumsoft.com/products/pop-p ... selfsigned
2) https://www.esumsoft.com/products/pop-p ... memismatch

What is the error that you are getting?

Note: Whenever you get errors we recommend that you provide the Error Overview info in your forum reply (this will help us to know more about what the problems may be for any accounts that have errors). If you are not familiar with how to post the error overview information then please refer to this topic: PP error messages: How to view them & copy/paste into your post.

Re: SSL cert renewed, POP Peeper still getting old one

Posted: Tue Jun 22, 2021 8:39 am
by nut
In PPtweaker, I always had "SSL certificate validation" and "Hostname matching" enabled, with no exceptions defined. This worked fine until my host's SSL certificate expired.

Now, if I add the host name as an exception (or of course if I disable "SSL certificate validation" entirely), it works fine. But if I run PP as I always did (which is what I want), I get "SSL connection failed - certificate failed: certificate has expired".

If I try to send email with that configuration, I get "Could not connect to SMTP server". Sending email works fine with the host name exception.

Again, my web host says it has renewed the SSL certificate, and that appears to be the case. I am baffled as to how all my email clients (because this is not restricted to POP Peeper) are still pulling in the expired certificate.

Re: SSL cert renewed, POP Peeper still getting old one

Posted: Tue Jun 22, 2021 9:24 am
by mjs
Have you restarted POP Peeper or actually better yet done a reboot of your computer?

Re: SSL cert renewed, POP Peeper still getting old one

Posted: Tue Jun 22, 2021 9:38 am
by nut
Yes I have done both--restarted POP Peeper and rebooted.

I don't think this is a POP Peeper issue; that's why I put it in the generic "Email" forum. I'm seeing the same issue on Android and iPhone. My suspicion is that the host has messed something up, but I don't know what.

Re: SSL cert renewed, POP Peeper still getting old one

Posted: Tue Jun 22, 2021 1:05 pm
by nut
And *POOF* like magic, all of my email clients suddenly and simultaneously began working again!

Why, it's as if the web host *DID* screw something up, even though they blamed me and made me waste hours of my time chasing my tail.

Not annoying at all, nope.

Thanks for the help!

I'd still like to know what happened. My guess is that IMAPS clients pull in certificates differently than HTTPS clients, and the host had simply neglected to update the former. The web host sure as hell isn't going to tell me what happened, though.

Re: SSL cert renewed, POP Peeper still getting old one

Posted: Tue Jun 22, 2021 1:24 pm
by mjs
Good to hear at least all is ultimately working again finally =D> ... And just as you surmised it was clearly not a POP Peeper issue - Jeff will probably have some ideas on what ultimately happened. :-k

Obviously understandably frustrating experience!... for sure! ](*,)

Thanks for reporting back the good news!