30

I'm trying to configure offlineimap to download my gmail but am getting the error:

OfflineIMAP 6.5.7 Licensed under the GNU GPL v2 or any later version (with an OpenSSL exception) Account sync Gmail: *** Processing account Gmail Establishing connection to imap.gmail.com:993 ERROR: No CA certificates and no server fingerprints configured. You must configure at least something, otherwise having SSL helps nothing. *** Finished account 'Gmail' in 0:00 ERROR: Exceptions occurred during the run! ERROR: No CA certificates and no server fingerprints configured. You must configure at least something, otherwise having SSL helps nothing. Traceback: File "/usr/lib/python2.7/site-packages/offlineimap/accounts.py", line 263, in syncrunner self.__sync() File "/usr/lib/python2.7/site-packages/offlineimap/accounts.py", line 326, in __sync remoterepos.getfolders() File "/usr/lib/python2.7/site-packages/offlineimap/repository/IMAP.py", line 351, in getfolders imapobj = self.imapserver.acquireconnection() File "/usr/lib/python2.7/site-packages/offlineimap/imapserver.py", line 439, in acquireconnection use_socket=self.proxied_socket, File "/usr/lib/python2.7/site-packages/offlineimap/imaplibutil.py", line 186, in __init__ super(WrappedIMAP4_SSL, self).__init__(*args, **kwargs) File "/usr/lib/python2.7/site-packages/offlineimap/imaplib2.py", line 2063, in __init__ IMAP4.__init__(self, host, port, debug, debug_file, identifier, timeout, debug_buf_lvl) File "/usr/lib/python2.7/site-packages/offlineimap/imaplib2.py", line 344, in __init__ self.open(host, port) File "/usr/lib/python2.7/site-packages/offlineimap/imaplibutil.py", line 193, in open "having SSL helps nothing.", OfflineImapError.ERROR.REPO)

My .offlineimaprc is:

[general] accounts = Gmail maxsyncaccounts = 3 sslcacertfile = /etc/ssl/certs/ca-certificates.crt [Account Gmail] localrepository = Local remoterepository = Remote [Repository Local] type = Maildir localfolders = ~/mail [Repository Remote] type = IMAP remotehost = imap.gmail.com remoteuser = [email protected] remotepass = Secret ssl = yes maxconnections = 3 realdelete = no

I am specifying where my certs are. Why is it still erroring out?

Improve this question

3 Answers 3

Reset to default
46

Put entry:

sslcacertfile = /etc/ssl/certs/ca-certificates.crt

In section:

[Repository Remote]

Improve this answer
3
  • I needed /etc/ssl/certs/ca-bundle.crt for CentOS 6. Commented Nov 8, 2015 at 0:31
  • 7
    For OSX use: sslcacertfile = /usr/local/etc/openssl/cert.pem (found at rudolfochrist.github.io/blog/2015/03/21/…) Commented Jan 14, 2017 at 0:48
  • 1
    @AlexG, thanks. I don't know if things have changed over the last few years, but my cert file was in sslcacertfile = /usr/local/etc/[email protected]/cert.pem on MacOS catalina Commented Jul 31, 2020 at 3:17
6

In order for OfflineIMAP to use the system’s default CA roots file put the line

sslcacertfile = OS-DEFAULT

in the [Repository $remoterepository] section of your OfflineIMAP config file.

The relevant documentation from offlineimap.conf reads:

Special value OS-DEFAULT makes Offlineimap to automatically determine system-wide location of standard trusted CA roots file for known OS distributions and use the first bundle encountered (if any).

Improve this answer
1
  • This does not work for Mac OS Sonoma 14.0 Commented Nov 17, 2023 at 14:58
2

For FreeBSD install the port security/ca_root_nss

and then add

sslcacertfile = /usr/local/share/certs/ca-root-nss.crt

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.