I have a VPS where some of the users have used their Gmail accounts to check the mail (using Gmail's "other POP3 accounts I own"-feature). However, we forgot to renew the SSL certificate in time, but even after adding a new certificate (RapidSSL), Gmail does not accept the new certificate. We can get around it by telling everyone to switch to non-SSL, but it would be better if we could get Gmail to accept the new certificate and keep using SSL.
I checked the certificate using https://www.digicert.com/help/ with my vps'address+ ":995", just to make sure everything was ok, and everything checks out.
It seems to me Gmail believes it's still the old certificate there, that it doesn't recognize the new one, but the error message we get is not really that helpful – "SSL error: unable to verify the first certificate" – so I don't really know what's the problem.
I have also tried to delete the extra POP3-account from the Gmail settings, but no luck.
Best Answer
You just need to wait it out.
I've had this exact same issue (twice now!). Each time, I fiddled around with my postfix and dovecot settings for a few hours in vain. In the end, it was just a matter of giving it a few hours for Google to see the new cert.