
The “Cannot Verify Server Identity” error appears when your device or email app can’t confirm that the server’s SSL/TLS certificate is valid. This usually happens because the certificate is expired, mismatched or not properly configured on the mail or web server.
In 2025, this issue remains common across iPhones, iPads, macOS Mail, Outlook, and other email clients, especially when connecting to IMAP, SMTP or Exchange servers.
Simply put, your email app sees a difference between the server name and the SSL certificate provided by your hosting company. The connection is still secure, but your device blocks it until the identity is verified.
Fixing this is quick, usually by updating the SSL settings, re-adding your mail account or trusting the new certificate from your hosting provider.
This error pops up when your device or email app tries to connect to a secure server (using SSL/TLS) but can’t confirm that the server’s digital certificate is trustworthy. In 2025, the reasons remain mostly the same but with new factors from modern security updates and stricter certificate policies:
Expired SSL Certificate
Every SSL certificate has an expiration date. Once it expires, your device will automatically flag it as unsafe until it’s renewed.
Domain Name Mismatch
The certificate’s Common Name (CN) or Subject Alternative Name (SAN) must exactly match the domain or mail server name.
Example: A certificate for mail.kmhosting.co.za won’t work for server.kmhosting.co.za.
Self-Signed Certificates
Many modern systems (especially iOS 18 and macOS Sequoia) now block self-signed or unverified certificates by default for better security.
Untrusted or Unknown Certificate Authority (CA)
Some certificates issued by lesser-known or free CAs may not be recognized by the device’s trust store after OS updates.
Network Interference or Captive Portals
Public Wi-Fi or corporate firewalls sometimes replace or intercept SSL certificates, triggering verification errors.
Incorrect Mail or Server Settings
Outdated IMAP/SMTP settings, wrong hostnames, or ports can cause SSL mismatches.
Example: Using mail.domain.com instead of server.domain.com.
New 2025 Security Enhancements
Devices now perform real-time certificate transparency checks and OCSP (Online Certificate Status Protocol) validation.
If a certificate is missing from public logs or revoked, the connection will be blocked automatically.
Don’t worry — it’s easy to fix! Follow these steps depending on your device.

Close the Mail app (swipe up from the bottom and clear it).
Restart your iPhone or iPad.
Turn Airplane Mode ON → wait 10 seconds → turn it OFF again.
Reconnect to Wi-Fi or try using mobile data.
Tip: Sometimes, switching networks refreshes certificate validation.
Go to Settings → Mail → Accounts → [Your Email Account] → Account Settings
Make sure the details are correct:
Incoming Mail Server: (IMAP) mail.yourdomain.com
Outgoing Mail Server: (SMTP) mail.yourdomain.com
Use SSL: Enabled
Ports:
IMAP: 993
POP3: 995
SMTP: 465 or 587
Tip: Ensure the mail server name exactly matches your SSL certificate (e.g., mail.kmhosting.co.za).
If the error keeps coming back:
Go to Settings → Mail → Accounts
Tap the problem account → Delete Account
Restart your device
Add your account again with the correct settings
Tip: iCloud sometimes caches old SSL data — removing and re-adding the account clears that.
Go to Settings → General → Transfer or Reset iPhone → Reset → Reset Network Settings
Reconnect to your Wi-Fi after restart
Note: This will remove saved Wi-Fi passwords, so have them ready.
Restart your Mac and reopen Mail.
Go to System Settings → General → Software Update — ensure macOS is up-to-date.
New macOS versions (like Sequoia) perform stricter SSL checks — updates often fix trust errors.
Open Safari → visit your mail server URL (e.g., https://mail.kmhosting.co.za).
Click the padlock icon → check if the certificate is valid and trusted.
If expired or self-signed, contact your hosting provider to renew it.
Open Mail → Settings → Accounts → Server Settings
Ensure Incoming/Outgoing servers match the SSL certificate.
Confirm Use TLS/SSL is enabled and correct ports are used.
Close your email app.
Restart your PC.
Try connecting using a different network or mobile hotspot.
In Outlook:
Go to File → Account Settings → Account Settings → Change
Verify:
Incoming Server (IMAP/POP): matches your SSL certificate
Outgoing Server (SMTP): correct domain name
Click More Settings → Advanced
IMAP: 993 (SSL)
SMTP: 465 or 587 (TLS/SSL)
Tip: If Outlook still shows the warning, try removing and re-adding your account.
Restart your device
Turn Airplane Mode ON and OFF
Clear app cache:
Go to Settings → Apps → Gmail → Storage → Clear Cache
Go to Settings → Passwords & Accounts → Your Email Account → Server Settings
Check that:
The hostname matches the mail server
SSL/TLS is enabled
Correct ports are set (993, 995, 465 or 587)
Tip: Android 14+ blocks old TLS 1.0 and 1.1 — ensure your mail server supports TLS 1.2 or newer.
Visit your mail domain via browser (e.g., https://mail.yourdomain.com)
Click the padlock → View Certificate → Check:
Expiry date
Issuer (should be a trusted CA like Let’s Encrypt, Sectigo, or DigiCert)
Domain match
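The same three checks (expiry date, issuer, domain match) can be run from a shell with OpenSSL, which also works for mail ports a browser cannot open. This is an added example, not part of the original article; the function names and mail.example.test are illustrative, and it assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example. Function names and mail.example.test are illustrative.

# Fetch the leaf certificate a server presents on an implicit-TLS port
# (993, 995, 465). s_client prints it even when verification would fail.
fetch_cert() {  # fetch_cert HOST PORT > cert.pem
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Print the reasons a client would reject CERT for HOST (empty = none found).
cert_problems() {  # cert_problems CERT.pem HOST [WARN_DAYS]
    cert=$1 host=$2 warn_days=${3:-14} out=""
    # Expiry date: -checkend N exits non-zero if notAfter falls within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        out="$out expired"
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((warn_days * 86400)) >/dev/null; then
        out="$out expiring-soon"
    fi
    # Domain match: HOST must be covered by the certificate's names
    # (exactly or through a wildcard entry).
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" |
            grep -q 'does match'; then
        out="$out name-mismatch"
    fi
    # Issuer: identical subject and issuer hashes mean a self-signed certificate.
    if [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
         "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
        out="$out self-signed"
    fi
    echo "${out# }"
}

# Constructed sample input: a throwaway self-signed certificate for CN, valid DAYS.
make_sample_cert() {  # make_sample_cert DIR CN DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}
```

Against a live server, save the output of `fetch_cert mail.yourdomain.com 993` to a file and pass that file and the hostname your mail client uses to `cert_problems`.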
If expired or self-signed:
Use Let’s Encrypt (Free) via cPanel or Plesk
Or purchase from a trusted provider
Reinstall and restart mail services
Example (Linux):
sudo systemctl restart postfix dovecot
To avoid future issues, enable automatic SSL renewal in cPanel or your hosting dashboard.
Open /etc/postfix/main.cf and make sure your SSL certificate and key files are correctly linked.
smtpd_tls_cert_file=/etc/ssl/certs/server.crt
smtpd_tls_key_file=/etc/ssl/private/server.key
smtpd_tls_CAfile=/etc/ssl/certs/ca-bundle.crt
Tip: Many hosting providers now issue Let’s Encrypt certificates by default. Make sure your paths point to the latest auto-renewed files if you use Certbot.
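sudo systemctl restart postfix dovecot
Test your SSL setup with:
openssl s_client -connect mail.yourdomain.com:465 -servername mail.yourdomain.com
openssl s_client -connect mail.yourdomain.com:587 -starttls smtp -servername mail.yourdomain.com
Port 465 uses implicit TLS, so -starttls smtp applies only to port 587. Check the output for valid certificate chains and matching domain names.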
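One way to confirm that the certificate and key referenced in main.cf belong together before restarting Postfix. This is an added example, not from the original article; cf_get and postfix_tls_check are hypothetical helper names, and the parser assumes simple one-line name = value entries.

```shell
#!/bin/sh
# Added example. cf_get and postfix_tls_check are illustrative names.

# Read one "name = value" parameter from a main.cf-style file (last entry wins).
# Assumption: no $variable references or continuation lines; on a real server
# `postconf -h NAME` returns the resolved value.
cf_get() {  # cf_get FILE NAME
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print "ok" or a space-separated list of problems with the TLS files.
postfix_tls_check() {  # postfix_tls_check /etc/postfix/main.cf
    cert=$(cf_get "$1" smtpd_tls_cert_file)
    key=$(cf_get "$1" smtpd_tls_key_file)
    [ -r "$cert" ] || { echo "cert-unreadable"; return 0; }
    [ -r "$key" ] || { echo "key-unreadable"; return 0; }
    out=""
    # The key belongs to the certificate only if both yield the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    [ "$cert_pub" = "$key_pub" ] || out="$out key-mismatch"
    # A private key readable by "other" is exposed to every local user.
    # -L follows symlinks such as the ones Certbot keeps for renewed files.
    if [ -n "$(find -L "$key" -perm -004)" ]; then
        out="$out key-world-readable"
    fi
    echo "${out:-ok}" | sed 's/^ //'
}
```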
If the error only appears in a specific app (like Apple Mail), try:
Using Outlook, Thunderbird or webmail to confirm if it’s a client-side issue.
Updating your mail client — outdated apps may reject new SSL/TLS protocols (like TLS 1.3, now common in 2025).
Removing and re-adding your email account with updated server names and SSL settings.
Note: In 2025, Apple Mail and Outlook have stricter SSL validation rules. Always use your hosting provider’s exact mail server name (e.g., mail.kmhosting.co.za) instead of just the domain.
In 2025, devices and mail apps use OCSP (Online Certificate Status Protocol) to confirm that your SSL certificate hasn’t been revoked or tampered with. If the certificate isn’t listed in transparency logs or is revoked, your connection will be blocked automatically — even if the SSL looks fine on your side.
To stay secure and avoid these errors:
Avoid free or self-signed SSL certificates — they’re often rejected by newer devices.
Use DNS CAA records to control which Certificate Authorities can issue certificates for your domain.
Check OCSP status regularly — a revoked or untrusted certificate can trigger this error instantly.
Keep your device’s root certificate store updated — especially on Android and Windows.
Renew and verify your SSL through trusted providers (like Let’s Encrypt, Sectigo, or DigiCert) and ensure it’s correctly installed on your mail server.
| Issue | Solution |
|---|---|
| Expired or invalid SSL certificate | Renew your SSL certificate or install a free trusted one using Let’s Encrypt, Sectigo, or DigiCert. |
| Incorrect mail server settings | Verify your IMAP, SMTP, and port numbers match your hosting provider’s SSL settings (e.g., mail.kmhosting.co.za). |
| Cached network settings causing issues | Reset Network Settings on iOS/Android or DNS cache on macOS/Windows. |
| iOS Mail rejecting self-signed certificates | Replace with a trusted CA-issued SSL certificate — self-signed ones are now blocked by default. |
| Outlook or Mac Mail still failing | Remove and re-add your email account to refresh SSL trust settings. |
| OCSP or transparency log mismatch (2025 security check) | Ensure your SSL certificate is publicly logged and valid in Certificate Transparency (CT); replace revoked certificates. |
| TLS protocol version outdated | Update your mail server to support TLS 1.2 or TLS 1.3 — older versions (1.0/1.1) are no longer trusted. |
| Device trust store not updated | Update your OS or mail app to refresh the root CA store (especially Android & Windows). |
| Captive Wi-Fi or firewall SSL interception | Switch to a secure, unrestricted network or temporarily disable proxy/firewall SSL inspection. |
| DNS or hostname mismatch | Make sure your mail hostname matches the SSL CN/SAN (e.g., mail.kmhosting.co.za). |
| Certificate auto-renewal failed | Enable auto-renewal in cPanel, Plesk, or Certbot to prevent future expiry. |
| Old cached certificates in Mail App | Clear Mail cache or re-add the account to remove outdated SSL fingerprints. |
At KM Hosting, all email servers use trusted SSL certificates and secure hostnames. If you ever need your exact mail server hostname, our support team is available 24/7 to help you update it.
If you’re still seeing the error after following these steps, contact KM Hosting Support — we’ll verify your DNS records, SSL status, and mail settings to make sure your emails are running smoothly and securely.