K-9 started show Unrecognized Certificate error when fetching IMAP from Gandi.net

Hi, this looks similar to other topics I found but I’m not sure what’s going on.

I have a domain mydomain.net on Gandi, and Gandi provides the email box. I access the email myuser@mydomain.net usually via IMAP, both from my Thunderbird desktop and from my Android mobile. I have set it up months ago and everything worked fine until yesterday, when suddenly K-9 started to show the infamous “Unrecognized Certificate” warning on my phone when fetching email. But not on Thunderbird, where everything works fine (both sending and fetching).

Any idea what’s going on?


Maybe they changed their certificate.
Did you try this?

1 Like

Alternatively, you could always examine the certificate to see why it is being flagged as unknown and make corrections if possible.

For instance, your mailbox provider (represented by example.net) may have a certificate for mail.example.net, and you are connecting using a name in your own domain (represented by example.com) to mail.example.com. If that name is not included in an otherwise valid certificate, you could resolve the error by updating your server hostname to use one included in the certificate.

At the end I contacted Gandi support and they confirmed the hash values of the certificates so I could accept them manually. I suspect it’s a configuration error on their side, probably they didn’t include the fullchain.pem certificate in their TLS configuration.

1 Like