Some email clients were failing to validate our new wildcard certificate for *.mxes.net because our certificate issuer, RapidSSL, switched CA roots from Equifax to GeoTrust. It turns out that GeoTrust had recently updated its root certificate in July, 2010.
Unfortunately, that newer GeoTrust root certificate isn't as widely deployed on client machines as the old Equifax root cert, which means that some email clients weren't able to validate the authenticity of mail.mxes.net and smtp.mxes.net.
Email clients for mobile devices such as Android were the most commonly affected, but other clients such as ClawsMail and Alpine also reported validation failures. The certificate validation failure appeared as messages like "Cannot Connect Safely to Server" or one indicating that the server certificate had changed.
The problem was solved by installing a "cross root" certificate that links our new RapidSSL intermediate certificate to the old Equifax CA root cert. Thanks to Michael from Trustico
support for providing us with the correct crossroot CA cert.
Thanks also to our knowledgeable customers who provided us with valuable debugging information and suggestions.
A new wildcard certificate for *.mxes.net was installed on our servers last night. It was issued by RapidSSL and includes an intermidiate CA certificate as part of their new policy for newly-issued certificates. This seems to be causing problems for some email clients and browsers.
Some email clients, including those on Android phones, are issuing alerts that our certificate has changed, and this is true, although this isn't expected behavior.
Other errors indicate that our server certificate is invalid due to a validation error.
We're investigating this and will post updates to this page.
In the meantime, try https://manage.tuffmail.net for the Account Manager, and the unencrypted ports for mail.mxes.net and smtp.mxes.net ( http://www.tuffmail.com/ports.php )