Overview
IMAP, POP3, and SSL that connect over SSL either via STARTTLS on port 143/110/587 or 993/995/465 respectively fail with a certificate warning without any symptoms prior to October 25, 2016. Symptoms include the following dialog from Thunderbird:
Cause
With the proliferation of free SSL certificates via Let’s Encrypt, vendors have begun to tighten requirements on SSL certificate validation to thwart hackers. Thunderbird and Mail (iOS) now require that the mail server name match a name in the Subject Alternative Name extension. Without such match the aforementioned warning is generated.
Solution
Change your mail server name, both incoming and outgoing, to match the server name on which you are hosted. In the initial example, “mail.futz.net” would be changed to “luna.apnscp.com“.
Thunderbird
See KB: Manual Account Configuration
Outlook
See KB: Change email account-settings
Additional Notes
This has been corrected in account provisioning as of October 26, 2016.