Out of the blue today, iPhone and Mac users are reporting trust problems in their email apps. Instead of seeing their new email messages, they are met with an error message “cannot verify server identity”.
At the root of the problem lies a refresh of the digital certificates that our servers use. The servers use the certificates to encrypt logins and keep your connection private. Our servers periodically renew their certificates, and this happened today. These certificates are signed by “cPanel Inc”, the makers of cPanel. As of today, it seems like Apple devices no longer consider “cPanel Inc” to be a trusted certificate issuer, resulting in the error.
We have mitigated the problem by switching all server certificates to ones issued by Let’s Encrypt, an issuer that has universal support. This said, a better solution that we highly recommend, is that you install a certificate for your domain in cPanel:
- Log in to your cPanel, and open the Let’s Encrypt SSL page.
- Install a certificate for your domain(s).
Important in step 2 are the following:
- Include the option to include the mail sub-domain. The mail sub-domain is typically set up as the MX (mail exchanger) DNS record, and subsequently used by email apps when connecting to the server.
- If you have multiple domains listed in cPanel, include only those that are active. Including an expired domain or a domain that is not actually hosted on our server will cause the certificate issue process to fail.
After installing the certificate, you may need to restart your iPhone or Mac computer to force it to load the new certificate.
Here is more info on the great industry initiative that is Let’s Encrypt: https://anno.com/lets-encrypt
We trust this solves the problem for you!
Thank you Stephen, for your prompt reaction.
The affray seems to have settled down now!