Today I was going to send an e-mail using mutt, and received this boring message:
msmtp: TLS certificate verification failed: the certificate hasn't got a known issuer
msmtp: could not send mail (account default from /home/nwerneck/.msmtprc)
Yeah, it seems Google changed certificates again.
My whole e-mail setup works just like it is taught by this excellent guide by Andrew Strong. I guessed I could just manage to get this new Google certificate somehow, then modify whatever is needed to be able to send mails again.
I ended up managing to solve it. I know very, very little about certificates. I only know they are things that get in our way when we want to work... When I need security I use PGP on my end, and that's it.
I ran the commands in this manual, and thought I needed to get a Google Internet Authority certificate. I even managed to download it somehow, but it didn't work.
In the end what worked was simply switching the tls_trust_file line in the .msmtprc file from the Thawte file to the Equifax one. So, following Andrew's setup, instead of
tls_trust_file /home/.../mail/certs/Thawte_Premium_Server_CA.pem
it should be
tls_trust_file /home/.../mail/certs/Equifax_Secure_CA.pem
And that was it. I hope it's the right thing to do, and that it lasts!... (It didn't!)
EDIT: Seems like this one broke again. But our fellow anonymous reader found out that you can instead use the line
tls_trust_file /etc/ssl/certs/ca-certificates.crt
and now you should never again need to do these embarrassing reconfigurations. Thanks for the great tip!!
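An added example, not part of the original post and not msmtp's own code: a small Python check that reads an msmtprc and reports whether each tls_trust_file holds a single CA certificate (the setup that kept breaking above) or a bundle of many. The function names and the sample configuration are constructed for illustration, and counting PEM blocks says nothing about whether the certificates are valid or unexpired.

```python
import os
import re
import tempfile

PEM_BEGIN = re.compile(r"^-----BEGIN CERTIFICATE-----\s*$", re.MULTILINE)


def parse_trust_files(msmtprc_text):
    """Map each msmtprc section to the tls_trust_file it sets."""
    section, found = "defaults", {}
    for raw in msmtprc_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "defaults":
            section = "defaults"
        elif key == "account":
            # "account work : gmail" declares "work", inheriting from "gmail"
            section = value.split(":")[0].strip()
        elif key == "tls_trust_file":
            found[section] = os.path.expanduser(value.strip('"'))
    return found


def audit(msmtprc_text):
    """Return (section, path, cert_count, status) for every trust file."""
    report = []
    for section, path in parse_trust_files(msmtprc_text).items():
        try:
            with open(path, encoding="latin-1") as fh:
                count = len(PEM_BEGIN.findall(fh.read()))
        except OSError:
            report.append((section, path, 0, "unreadable"))
            continue
        # One certificate means the file trusts a single CA: sending breaks
        # as soon as the server's chain is issued by a different one.
        status = {0: "no-certificates", 1: "single-ca"}.get(count, "bundle")
        report.append((section, path, count, status))
    return report


if __name__ == "__main__":
    # Constructed sample: placeholder PEM blocks, not real certificates.
    block = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as d:
        single, bundle = os.path.join(d, "one_ca.pem"), os.path.join(d, "bundle.crt")
        for path, body in ((single, block), (bundle, block * 3)):
            with open(path, "w") as fh:
                fh.write(body)
        sample = f"defaults\ntls_trust_file {single}\naccount gmail\ntls_trust_file {bundle}\n"
        for row in audit(sample):
            print(row)
```

To check a real setup, pass the contents of your own ~/.msmtprc to audit().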
4 comments:
Thanks so much. You saved me from a very black day!
I've changed it twice in two months. I just found out that if you add instead
tls_trust_file /etc/ssl/certs/ca-certificates.crt
It will not break every time the certificate changes.
Hey, that was great, thank you so very much! :)
I am not a guru in certificates and I may be wrong.
The aim of my message is to share the information I found.
According to my investigation each certificate has an expiration time.
ca-certificates.crt has the expiration date in 2020. That explains why it doesn't expire. On my machines I found ca-bundle.crt and no ca-certificates.crt. I believe that it may be used as well. I found that ca-certificates RPM has a ca-bundle.crt inside it.
I am going to try to create a certificate for 10 or 20 years.