Since self-signed certificates fell out of favour I’ve been using Lets Encrypt certificates served by Symbiosis and Sympl. Whilst certificates update seamlessly, I run into problems every time a certificate is automatically renewed with mail clients running on iOS. I have 300 email accounts some of which are used by people working abroad.
Problem - iOS fails to recognise a certificate update and warns that the certificate is not reliable.
Resolution - It appears there is no way to accept the new certificate within iOS unless the account is deleted and reconfigured. As LE certificates are updated more often than is practical (every 90 days) this is becoming a right royal PITA.
Has anyone found a solution better than instructing users to delete and reinstall their email accounts?