Overview
Mailboxes using Office 365 email accounts might unexpectedly stop email retrieval, and thus creating new cases.
An Admin notification is shown: Error: The remote certificate is invalid according to the validation procedure.
As a temporary workaround, you can navigate to Avatar Menu -> Mailboxes, select the Outlook mailbox, click "Start downloading messages now" and the emails will be imported into FogBugz. But the issue reappears on the next automatic email retrieval attempt.
As an On-Demand customer report it to our support team.
As an On-Premises customer, read the diagnosis and the solution below.
Information
Diagnosis
The full Admin notification might look something like this:
09.11.2020 14:44 (GMT01:00): Could not log into the mail server: Authentication failed because of an invalid SSL certificate. This may be because the root certificate is not installed, or it is for a different site than you are connecting to, or the certificate is expired or self-signed (issuer is the same as the site). Check the certficate issued by the server and make sure that the root certificate is installed on the FogBugz server. You can also disable SSL in the settings.
Error: The remote certificate is invalid according to the validation procedure.
Server Address: outlook.office365.com
Certificate Issued To: CN=outlook.com, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Certificate Issuer: CN=DigiCert Cloud Services CA-1, O=DigiCert Inc, C=US
Certificate Expiration: 07.10.2021 08:00:00
FogBugz will *not* fetch mail from this mailbox until this issue is resolved.
Solution
Microsoft updates its certificates on regular basis.
Also, the Root CA issuer used by Microsoft might update its root certificates and ICAs on a regular basis.
If the local computer certificate store of your web server that is hosting FogBugz is not updated with these Root CA and ICA changes, FogBugz might consider a new valid certificate used by your Office 365 mailbox as invalid because the certificate path will be broken (not recognized Root CA or ICA).
The solution is to make sure that the latest Root CA and ICA certificates are imported on the Web Server hosting your FogBugz instance.
Testing
After importing the updated certificates the automatic email retrieval (and case creation) should work correctly.