Changes Saved.
Error Occurred!


Email Client rejecting or not recognizing Certificate

Sometimes an email client is stubborn when it doesn't recognize a new SSL Certificate that has been installed on a server.

When you receive a popup warning in your email client saying "Invalid Certificate" or "Unrecognized / Untrusted Certificate" , on most devices and platforms the solution is very simple - just use the "Show Details" button in the popup and then put a check next to "Always Trust This Certificate" and Save. Problem solved.

But on some devices (mainly iPhones, as you can see the Apple Support Discussion forums full of thousands of frustrated iPhone users with this issue) extra steps may need to be taken.

Also, if you have purchased an installed an SSL certificate on your domain / in your hosting account, a slightly different format of Incoming/Outgoing mail servers can be used. Instead of mail.example.com as your Incoming/Outgoing mail servers, try just example.com (replacing example.com with your domain name of course).

Here are several methods of getting rid of the Certificate warning in your email client app:

Method 1. - In your mail client settings for the email account you're getting the warning in, try changing the Incoming (POP) and Outgoing (SMTP) servers from mail.example.com to just example.com (replacing example.com with your domain name of course). This is a NEW approach and has been working well for clients affected by repercussions of the latest cPanel update.

Method 2. - If you go into the Settings for that account on your device, you can DISABLE or TURN OFF SSL and the warning will go away immediately. (Yes, this is a less secure method of transmitting email data, but if you consider that the person on the other end might not be using any security at all then this might be a small concession if you want to quickly get the annoying message to go away). NOTE - When you disable SSL then you should switch your Incoming (POP) port to 110 and your Outgoing (SMTP) port to 587.

Method 3. - Another way that works for many people (especially if you want to keep SSL enabled) is to change the mail server settings in your email client from "mail.example.com" to "metroXX.saratogahosting.net" (for both Incoming and Outgoing mail server) , where "example.com" is your domain name, and "metroXX" would be the hostname of the server that the Certificate is installed on and you'd replace the XX with the number of the server that you're hosted on here. That way your email client will accept the new certificate.

Method 4. - You can delete the account from your device and then re-create it "manually" (instead of letting it automatically generate the settings) with SSL turned OFF and/or set both mail servers to metroXX.saratogahosting.net (replace the XX with the number of the server you're hosted on here) instead of mail.example.com

In all cases, whenever possible in the settings of your device tell it to "Always Trust" any Certificate from the server you're accessing here. That is an option in almost all email client settings on all devices.


Since various devices and email clients act differently and can have different settings, we've put together a list of common Incoming and Outgoing mail server ports along with the most commonly overlooked important settings for your reference when setting up an email account on your computer or mobile device.



Port 110 is the most common Incoming port and works with most devices / clients / configurations.

Port 143 is sometimes required on certain devices with TLS enabled or when using IMAP instead of POP.

Port 993 is sometimes required on certain devices with SSL enabled via IMAP.

Port 995 is sometimes required on certain devices with SSL enabled via POP.


Port 25 is a common Outgoing port and works with most devices / clients / configurations. (However, some ISP's block Port 25 for SMTP servers that are not part of their network, in which case try 587)

Port 587 is fast becoming the most common Outgoing SMTP port, especially for mobile devices and for user's on ISP's that block port 25.

Port 465 is sometimes required on devices that are unable to send through port 25 or 587.



Username - Make sure that the username you enter in your mail client software is your entire email address in the format of user@example.com (where you'd replace "user" with the actual email address username, and you'd replace "example.com" with your domain name).

Incoming / Outgoing Servers - Both your incoming and outgoing mail servers should be set to mail.example.com (where you'd replace "example.com" with your domain name). Although you can use the server's hostname (such as metro**@saratogahosting.net) you should avoid using the hostname unless complete necessary. **Take extra care to make sure that you don't use "pop." or "smtp." as the prefix of your mail servers, which many mobile devices will put there as default.** The prefix needs to be "mail." for both.

AUTHENTICATION - You must have authentication enabled in the settings of your email client for your domain email account. In MOST cases Authentication should be set to "Automatic" or "Same as Incoming Server Login" , however if you're on an ISP that does not allow you to use your own Outgoing server and you're using their SMTP server, then your ISP must provide you with your Outgoing SMTP Authentication login.

Remove Messages From Server - You should always have at least one device set to remove your messages from the server after X amount of days so that you don't fill your hosting account with years worth of junk messages or exceed inbox quotas. Typically this is done by having at least one of your devices set to access your email account as a POP account, and within the settings of your email client software you'll find a setting that allows you set "Remove messages from the server every 2 days" for example. That way your messages have plenty of time to reach all of your devices before being removed from the server and yet still keep your hosting account and inbox maintained on the server.


Related Articles