Apple devices reporting expiry issues with Let’s Encrypt SSL certificates in MDaemon after 29th September 2021

Let’s Encrypt is a free, root-trusted SSL certificate provider. MDaemon integrates with it to offer free, root-trusted 90-day SSL certificates that are renewed automatically.

On the 29th September at 20:21, a built-in DST Root CA (Certificate Authority) expired. This may have caused issues with Apple devices connecting to MDaemon via ActiveSync, IMAP or Webmail, even though the Let’s Encrypt SSL certificate in MDaemon itself had not expired.

Typically, the device would prompt with a warning about the expired DST Root Certificate Authority, as it is caching that old DST Root CA.

The easiest “fix” for this issue is to take the following steps in MDaemon to issue a brand new Let’s Encrypt SSL certificate, which the Apple device then needs to re-validate:

1. At Setup -> Security Manager -> SSL & TLS -> MDaemon, select the active Let’s Encrypt SSL certificate and choose Delete (do not press APPLY or OK).

2. Move to the Let’s Encrypt tab under Setup -> Security Manager -> SSL & TLS and choose Run Now. Within 1-2 minutes MDaemon will restart and a new Let’s Encrypt SSL certificate will have been created and bound to its SSL ports.

3. Test the Apple device to confirm the warning regarding the old expired DST Root Certificate Authority has now disappeared.