Context.IO requires a valid TLS certificate to connect to accounts via IMAP. Without a valid TLS certificate, we are unable to fully support an email account.
Please note: This issue does not affect accounts from known email mailbox providers such as Gmail, Google Apps, Outlook, Yahoo, or Aol, as they do use valid TLS certificates.
TLS requirements we look for:
- A valid certificate signed by a trusted provider (i.e. not self-signed)
- IMAP server hostname and certificate's common name match
Most common cases:
The most common cases of invalid TLS certificates are seen in what we call "generic IMAP" accounts. These are IMAP mailboxes provided by services such as HostGator, GoDaddy, or SiteGround, among others.
For example, if your user's email address is hosted with a service like HostGator, and their IMAP server is "imap.mycoolwebiste.com", the TLS certificate may be valid for HostGator and not specifically for "mycoolwebsite.com". This causes a mismatch error with the certificate.
How to fix this:
Unfortunately, this is completely on the end-user's end to fix. In most cases, the certificate can be fixed if the end-user contacts their email mailbox provider.
How to diagnose:
Try to answer the following questions.
- Are you unable to pull messages or folders for the user? (You may get a 503 for these calls)
- Is the user a generic IMAP user (i.e. not Gmail, Outlook, Yahoo, Aol, or any other known provider)?
- Is the user in "OK" status (i.e. the user is not marked as "DISABLED" in Context.IO)?
If the case matches the criteria listed above, there is likely an issue with the TLS certificate. In order to check this on your end, you can do the following:
- Make the following API call: "lite/users/:id"
- Make a note of the user's SERVER and PORT
- Open up a terminal
- Ensure you have OpenSSL (most Unix-based bash terminals should come with OpenSSL)
- Type the following command in your terminal "openssl s_client -connect SERVER:PORT"
Once you run the command, you should be able to inspect the SSL certificate. Any errors should be listed there. Under the certificate itself, you can check the hostname and server to ensure they match.
If you encounter any other errors with TLS certificates, feel free to contact us at email@example.com.
Please note that we are unable to help end-users fix their own TLS certificates.