We use a site-wide SSL certificate for our web and mail servers which we purchased from RAPIDSSL.
About two years ago, they were bought out by an outfit called SECTIGO, and asses apparently decided to shut off the intermediate certificate server even though they still had acquired customers using those certificates and without providing ANY warning to those customers (US), at least this is the explanation I’ve gotten from Integraserver, the dealer I bought the certificate through. SSLShopper’s SSL checker tells me the intermediate server expired a day ago.
Consequently you will get a message when you connect to our mail server saying unable to verify the authenticity. The web server is still working because Apache allows us to configure the intermediate servers into it so it doesn’t rely on their servers but there is no such option with the mail servers.
I am having the certificates re-issued to reflect the current intermediate servers and will install as soon as I receive it.