Unable to load/decrypt emails stored encrypted-at-rest with S/MIME on Stalwart mailserver #12469

@darrendavid

Steps to reproduce

  1. Configure mail account on Stalwart mailserver to encrypt-at-rest using S/MIME certificate
  2. Import S/MIME certificate into Nextcloud Mail
  3. Configure Mail account (IMAP) for Stalwart server
  4. Connect and attempt to check mail

Expected behavior

Folder(s) should load and use the uploaded S/MIME certificate to decrypt emails

Actual behavior

Folder structure is retrieved successfully, but attempting to load the contents of any folder fails with "Could not load folder" error. Log reports a decryption failure for every email in the folder (example log entry):

{
  "reqId": "aZkxPDJ2HN5gp852rW4MeAAAAAg",
  "level": 3,
  "time": "2026-02-21T04:14:55+00:00",
  "remoteAddr": "xx.xx.xx.xx",
  "user": "xxxxxx",
  "app": "mail",
  "method": "POST",
  "url": "/index.php/apps/mail/api/mailboxes/27/sync",
  "scriptName": "/index.php",
  "message": "Failed to find a suitable S/MIME certificate for decryption",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:147.0) Gecko/20100101 Firefox/147.0",
  "version": "33.0.0.16",
  "exception": {
    "Exception": "OCA\\Mail\\Exception\\SmimeDecryptException",
    "Message": "Failed to find a suitable S/MIME certificate for decryption",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/nextcloud/apps/mail/lib/IMAP/ImapMessageFetcher.php",
        "line": 181,
        "function": "decryptDataFetch",
        "class": "OCA\\Mail\\Service\\SmimeService",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/apps/mail/lib/IMAP/MessageMapper.php",
        "line": 327,
        "function": "fetchMessage",
        "class": "OCA\\Mail\\IMAP\\ImapMessageFetcher",
        "type": "->"
      },
      {
        "function": "OCA\\Mail\\IMAP\\{closure}",
        "class": "OCA\\Mail\\IMAP\\MessageMapper",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/apps/mail/lib/IMAP/MessageMapper.php",
        "line": 318,
        "function": "array_map"
      },
      {
        "file": "/var/www/nextcloud/apps/mail/lib/IMAP/MessageMapper.php",
        "line": 78,
        "function": "findByIds",
        "class": "OCA\\Mail\\IMAP\\MessageMapper",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/mail/lib/Service/MailManager.php",
        "line": 186,
        "function": "find",
        "class": "OCA\\Mail\\IMAP\\MessageMapper",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/mail/lib/Service/Attachment/AttachmentService.php",
        "line": 272,
        "function": "getImapMessage",
        "class": "OCA\\Mail\\Service\\MailManager",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/mail/lib/IMAP/PreviewEnhancer.php",
        "line": 75,
        "function": "getAttachmentNames",
        "class": "OCA\\Mail\\Service\\Attachment\\AttachmentService",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/mail/lib/Service/Sync/SyncService.php",
        "line": 187,
        "function": "process",
        "class": "OCA\\Mail\\IMAP\\PreviewEnhancer",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/mail/lib/Service/Sync/SyncService.php",
        "line": 135,
        "function": "getDatabaseSyncChanges",
        "class": "OCA\\Mail\\Service\\Sync\\SyncService",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/apps/mail/lib/Controller/MailboxesController.php",
        "line": 151,
        "function": "syncMailbox",
        "class": "OCA\\Mail\\Service\\Sync\\SyncService",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 205,
        "function": "sync",
        "class": "OCA\\Mail\\Controller\\MailboxesController",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 118,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
        "line": 153,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Route/Router.php",
        "line": 321,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 1155,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/index.php",
        "line": 25,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/nextcloud/apps/mail/lib/Service/SmimeService.php",
    "Line": 521,
    "message": "Failed to find a suitable S/MIME certificate for decryption",
    "exception": "{\"class\":\"OCA\\Mail\\Exception\\SmimeDecryptException\",\"message\":\"Failed to find a suitable S/MIME certificate for decryption\",\"code\":0,\"file\":\"/var/www/nextcloud/apps/mail/lib/Service/SmimeService.php:521\",\"trace\":\"#0 /var/www/nextcloud/apps/mail/lib/IMAP/ImapMessageFetcher.php(181): OCA\\Mail\\Service\\SmimeService->decryptDataFetch()\\n#1 /var/www/nextcloud/apps/mail/lib/IMAP/MessageMapper.php(327): OCA\\Mail\\IMAP\\ImapMessageFetcher->fetchMessage()\\n#2 [internal function]: OCA\\Mail\\IMAP\\MessageMapper->OCA\\Mail\\IMAP\\{closure}()\\n#3 /var/www/nextcloud/apps/mail/lib/IMAP/MessageMapper.php(318): array_map()\\n#4 /var/www/nextcloud/apps/mail/lib/IMAP/MessageMapper.php(78): OCA\\Mail\\IMAP\\MessageMapper->findByIds()\\n#5 /var/www/nextcloud/apps/mail/lib/Service/MailManager.php(186): OCA\\Mail\\IMAP\\MessageMapper->find()\\n#6 /var/www/nextcloud/apps/mail/lib/Service/Attachment/AttachmentService.php(272): OCA\\Mail\\Service\\MailManager->getImapMessage()\\n#7 /var/www/nextcloud/apps/mail/lib/IMAP/PreviewEnhancer.php(75): OCA\\Mail\\Service\\Attachment\\AttachmentService->getAttachmentNames()\\n#8 /var/www/nextcloud/apps/mail/lib/Service/Sync/SyncService.php(187): OCA\\Mail\\IMAP\\PreviewEnhancer->process()\\n#9 /var/www/nextcloud/apps/mail/lib/Service/Sync/SyncService.php(135): OCA\\Mail\\Service\\Sync\\SyncService->getDatabaseSyncChanges()\\n#10 /var/www/nextcloud/apps/mail/lib/Controller/MailboxesController.php(151): OCA\\Mail\\Service\\Sync\\SyncService->syncMailbox()\\n#11 /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php(205): OCA\\Mail\\Controller\\MailboxesController->sync()\\n#12 /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php(118): OC\\AppFramework\\Http\\Dispatcher->executeController()\\n#13 /var/www/nextcloud/lib/private/AppFramework/App.php(153): OC\\AppFramework\\Http\\Dispatcher->dispatch()\\n#14 /var/www/nextcloud/lib/private/Route/Router.php(321): 
OC\\AppFramework\\App::main()\\n#15 /var/www/nextcloud/lib/base.php(1155): OC\\Route\\Router->match()\\n#16 /var/www/nextcloud/index.php(25): OC::handleRequest()\\n#17 {main}\"}",
    "CustomMessage": "Failed to find a suitable S/MIME certificate for decryption"
  },
  "id": "699931438e558"
}

Mail app version

5.7.0

Nextcloud version

33.0.0.16

Mailserver or service

Stalwart

Operating system

Linux

PHP engine version

None

Nextcloud memory caching

No response

Web server

None

Database

None

Additional info

The same S/MIME certificate is being used successfully to decrypt emails in Betterbird and eM Client, as well as Roundcube using the inari007/slime_smime plugin. FWIW I have tried both a pkcs12 cert as well as a separate public/private key with the same issues.

Is the S/MIME certificate only good for signing/encrypting while sending or receiving? I'd assume that given the partnership announced between Nextcloud and Stalwart last year that this should be good to go, but I'm new to Nextcloud so that may be an errant assumption.
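
One way to scope this failure from nextcloud.log, keyed on the fields visible in the log entry above (`user`, `url`, `exception.Exception`, `exception.Trace`). This is an added example, not part of the original report and not Nextcloud or Stalwart code; the helper names, user names and sample lines are constructed.

```python
import json
import re
from collections import Counter

SMIME_EXC = "OCA\\Mail\\Exception\\SmimeDecryptException"
SYNC_URL = re.compile(r"/apps/mail/api/mailboxes/(\d+)/sync")
FETCHER = "/var/www/nextcloud/apps/mail/lib/IMAP/ImapMessageFetcher.php"

def smime_failures(lines):
    """Count S/MIME decryption failures per (user, mailbox id, call site)."""
    counts = Counter()
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        exc = entry.get("exception") if isinstance(entry, dict) else None
        if not isinstance(exc, dict) or exc.get("Exception") != SMIME_EXC:
            continue  # some other error
        m = SYNC_URL.search(entry.get("url") or "")
        mailbox = int(m.group(1)) if m else None
        # The first trace frame is the caller that asked SmimeService to decrypt.
        frame = (exc.get("Trace") or [{}])[0]
        site = "{}:{}".format(str(frame.get("file", "?")).rsplit("/", 1)[-1],
                              frame.get("line", "?"))
        counts[(entry.get("user"), mailbox, site)] += 1
    return counts

def _entry(user, mailbox, exc_class):
    # Constructed sample line with the same keys as the log entry in the report.
    return json.dumps({
        "level": 3, "user": user, "app": "mail",
        "url": f"/index.php/apps/mail/api/mailboxes/{mailbox}/sync",
        "exception": {"Exception": exc_class,
                      "Trace": [{"file": FETCHER, "line": 181,
                                 "function": "decryptDataFetch"}]},
    })

SAMPLE = [  # constructed data, not taken from a real server
    _entry("alice", 27, SMIME_EXC),
    _entry("alice", 27, SMIME_EXC),
    _entry("alice", 28, SMIME_EXC),
    _entry("bob", 3, "Exception"),            # unrelated error, ignored
    '{"level": 3, "user": "alice", "url": "/index',  # truncated line, skipped
]

if __name__ == "__main__":
    for (user, mailbox, site), n in sorted(smime_failures(SAMPLE).items()):
        print(f"user={user} mailbox={mailbox} caller={site} failures={n}")
```

Failures spread across every mailbox of one account with the same caller are consistent with an account-wide certificate lookup problem rather than damage to individual messages.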
