so autoconfig requests happen, but cert errors during the autoconfig phase are not surfaced (don’t need to as it’s probing wildly).
It’s the tail end of requests in the second screenshot when looking for the carddav / caldav well-knowns when thunderbird brings the error to the user.
/.well-known/carddav
/.well-known/caldav
I’m not sure thunderbird is supposed to check them? the autoconfig doesn’t set the endpoints (as of now). It could create those sections and point to their endpoints to avoid the error - but atm I think TB is overreaching. Bugzilla doesn’t have an entry on this yet.
(it works for murena.io users because the cert is valid and sure the fix is to just do so too on e.email - but technically imo thunderbird has to handle this better. No dav entries in autoconfig, don’t probe and act up)