When connecting an account, I am receiving a “Certificate Error”. What is this, and how do I fix it?

By default Mailspring does strict certificate checking on secure (SSL) connections to your email servers. If your mail server is using a self-signed certificate or an expired certificate for SSL, it will fail to connect and you’ll receive the “Certificate Error” message. This check is important for preventing MITM attacks, but you may not have seen it before: many older clients don’t perform strict checking and allow you to connect without errors.

Fixing the Issue

Try putting a common server like imap.gmail.com in the IMAP server field.

If imap.gmail.com works correctly, your server is using an untrusted certificate and you’ll need to disable the certificate checks by clicking the “Allow Insecure SSL” checkbox in the IMAP/SMTP setup panel.

If you still get the certificate error, it means Mailspring can’t find the certificate trust chain on your computer. On Linux, you may need to install the ca-certificates package (though it’s almost always present.) On Linux, Mailspring looks for certificates in the following locations. If the .crt bundle on your computer is not in one of these locations, you can add a symlink to fix the issue in Mailspring.

// Debian, Ubuntu, Arch: maintained by update-ca-certificates
/etc/ssl/certs/ca-certificates.crt

// Red Hat 5+, Fedora, Centos
/etc/pki/tls/certs/ca-bundle.crt

// Red Hat 4
/usr/share/ssl/certs/ca-bundle.crt

// FreeBSD (security/ca-root-nss package)
/usr/local/share/certs/ca-root-nss.crt

// FreeBSD (deprecated security/ca-root package, removed 2008)
/usr/local/share/certs/ca-root.crt

// FreeBSD (optional symlink) and OpenBSD
/etc/ssl/cert.pem

// OpenSUSE
/etc/ssl/ca-bundle.pem