How do I trust my email host certificate again?

Lawrence Finch:

Why should resolving this require deleting the email account? In our case, our email provider insists it renewed its certificate BEFORE it expired. However, on my iPhone, iPad, and iMac, I got an expired certificate error starting the evening it expired, when using Port 587 for outgoing email on two email accounts. Our email provider said the problem was due to "caching" on my iPhone, iPad, and iMac, while Apple Support insisted no such caching occurs. I resolved it by changing the Port to 465. (A week later, if I change the port back to 587, I once again get the expired certificate error.) On another family member's iPhone and MacBook there was NO certificate error when using Port 465 on a third email account.

Port 587 is the correct “modern” port for TLS SMTP. Port 465 served that function at one time, but has since been reassigned for other uses. If your ISP accepts outgoing mail on port 465 their system is not configured correctly.

Delete the email account restart your phone, and add the account back. If the certificate is now trusted you won’t be prompted again.

revDAVE wrote:

Thanks for your help - I did your suggestion and it did work.

I was just curious if instead, I changed the mail host to something different and then back again if that might also let me "trust" it again?

That would probably work; I’ve never tried it.

An expired certificate error is ALWAYS on the side of the email server. When you delete and then re-add the email account it queries the server for the correct settings, so if there is a wrong setting in the phone this fixes it.

Lawrence Finch,

Thank you for your quick response. I understand what you're saying. I was kind of hoping you might be able to provide some insight into what might have happened in my case, given what Apple Support and my email provider said.

Since changing the SMTP Port from 587 to 465 solved my problem (and the expiration problem never occurred on my family member's devices using Port 465), I thought perhaps the email server was (and is) providing the old, expired certificate on Port 587 and the new, renewed certificate on Port 465, but the email provider insists that is not even possible, and they further insist the certificate was never even allowed to expire on the evening of May 14 and that my devices must all have somehow "cached" the old, expired certificate.

If the email provider is giving me the full story, how did my iPhone, iPad, and iMac end up with an incorrect setting (an expired certificate with complete details) if, as Apple Support says, none of these devices cache or save certificates? Why did all three devices fail to obtain the new, renewed certificate? And why is there no mechanism allowing the customer to get rid of a "wrong setting" (a hidden, cached certificate)?

I'm just trying to figure out what I was told, and no amount of searching on the Internet has led me to any explanation at all.

Lawrence Finch:

I have seen information corresponding to what you say about Port 587. However, our email provider's written instructions for years has recommended using 465 as the outgoing port, and has recommended using port 587--with TLS/SSL turned of--only if the customer is having problems sending and receiving email. Months ago, when I suddenly started having problems sending email, they orally recommended changing the port from 465 to 587; I left TLS/SSL on at the time and kept this port setting until encountering the expired certificate on May 14. As I mentioned above, when I changed the port back to 465 on all three devices on both email accounts, the expired certificate error disappeared. Our email provider says they have no idea why this worked, except that they continue recommend using port 465.

(Incidentally, their new certificate started on April 26, but I have no idea when they installed it on their server[s].)

I still have not found a logical explanation for what happened in our case. The answers I received from Apple Support and from our email provider do not provide a coherent picture.