Article ID: 121731, created on May 24, 2014, last review on Mar 9, 2016

  • Applies to:
  • Plesk for Linux/Unix


Outgoing mail delivery to Gmail (or other server which has SSL enabled and configured with valid certificate) accounts fails with error in /usr/local/psa/var/log/maillog:

from=<>, size=666, nrcpt=1 (queue active)
certificate verification failed for untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
F01C9680292: to=<>

Note: There may be another address of Gmail's SMTP server, like This solution is valid for any cases where messages contain untrusted issuer string.


Certificate Authority (CA) certificate is missing in /etc/postfix/

The server does not trust valid CAs.


  1. Make sure that file /etc/pki/tls/certs/ca-bundle.crt exists (it contains information about valid CAs).

  2. Update OpenSSL package if possible in order to get fresh version of CA bundle.

  3. Add line smtp_tls_CAfile to /etc/postfix/ file as shown below:

    # grep smtp_tls_CAfile /etc/postfix/
    smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
  4. Restart postfix daemon to apply the changes:

    # /etc/init.d/postfix restart
    Stopping postfix:                                          [  OK  ]
    Starting postfix:                                         [  OK  ]

Search Words



mail not forwarding

postfix certificate verification failed for gmail



certificate verification failed for

untrusted issuer



a914db3fdc7a53ddcfd1b2db8f5a1b9c 56797cefb1efc9130f7c48a7d1db0f0c 29d1e90fd304f01e6420fbe60f66f838

Email subscription for changes to this article
Save as PDF