fetchmail logs showing a Tor exit node is compromised - SDF Chatter
lemmy.sdf.org

This is what my fetchmail log looks like today (UIDs and domains obfuscated):

fetchmail: starting fetchmail 6.4.37 daemon
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server4.com: SSL connection failed.
fetchmail: socket error while fetching from user4@server4.com@server4.com
fetchmail: Query status=2 (SOCKET)
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server3.com: SSL connection failed.
fetchmail: socket error while fetching from user3@server3.com@server3.com
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server2.com: SSL connection failed.
fetchmail: socket error while fetching from user2@server2.com@server2.com
fetchmail: Query status=2 (SOCKET)
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server1.com: SSL connection failed.
fetchmail: socket error while fetching from user1@server1.com@server1.com
fetchmail: Query status=2 (SOCKET)

In principle I should be able to report the exit node somewhere. But I
don’t even know how I can determine which exit node is the culprit. Running nyx
just shows some of the circuits (guard, middle, exit) but I seem to have no way
of associating those circuits with fetchmail’s traffic. Anyone know how to track
which exit node is used for various sessions? I could of course pin an exit node
to a domain, then I would know it, but that loses the benefit of random
selection.

In nyx, on the first page, press e and enable STREAM events. These have the following form:

Find the correct stream based on hostname/ip, then you can cross-reference the [circuit id] with the items on the Connections page.

Thanks for the tip. The info would be gone now but I’ll try that next time it happens.
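
The cross-referencing suggested in the reply can be scripted over saved control-port events. This is an added example, not code from anyone in the thread: it assumes the Tor control protocol's `650 STREAM <stream id> <status> <circuit id> <target>` and `650 CIRC <circuit id> BUILT <path>` event lines, and the events, relay names, fingerprints and function names are constructed for illustration.

```python
import re
from collections import defaultdict

CIRC_RE = re.compile(r"^650 CIRC (\d+) BUILT (\$\S+)")  # circuit id, relay path
STREAM_RE = re.compile(r"^650 STREAM \d+ SUCCEEDED (\d+) (\S+):\d+")  # circuit id, host
FAIL_RE = re.compile(r"^fetchmail: (\S+): SSL connection failed")

def hop(nick, ch):
    """Constructed relay in $fingerprint~nickname form (40 hex digits)."""
    return f"${ch * 40}~{nick}"

# Constructed control-port events, not captured from a real Tor client.
EVENTS = [
    f"650 CIRC 17 BUILT {hop('guardA', 'A')},{hop('midB', 'B')},{hop('exitC', 'C')}",
    f"650 CIRC 18 BUILT {hop('guardA', 'A')},{hop('midD', 'D')},{hop('exitE', 'E')}",
    "650 STREAM 101 NEW 0 server1.com:993 PURPOSE=USER",
    "650 STREAM 101 SENTCONNECT 17 server1.com:993",
    "650 STREAM 101 SUCCEEDED 17 server1.com:993",
    "650 STREAM 102 SUCCEEDED 17 server2.com:993",
    "650 STREAM 103 SUCCEEDED 18 example.org:443",
]
# Failure lines in the shape fetchmail printed in the log above.
FETCHMAIL_LOG = [
    "fetchmail: server1.com: SSL connection failed.",
    "fetchmail: server2.com: SSL connection failed.",
]

def failed_hosts(log_lines):
    """Hosts for which fetchmail reported a failed TLS handshake."""
    return {m.group(1) for m in map(FAIL_RE.match, log_lines) if m}

def suspect_exits(events, log_lines):
    """Map each failing host to the exit relays that carried its streams."""
    exit_of = {}                 # circuit id -> last hop of the built path
    carried = defaultdict(set)   # host -> exits that carried a stream to it
    for line in events:
        if m := CIRC_RE.match(line):
            exit_of[m.group(1)] = m.group(2).split(",")[-1]
        elif m := STREAM_RE.match(line):
            # The TCP stream succeeds even when the TLS handshake on top of
            # it later fails verification, so SUCCEEDED is the status to match.
            circ, host = m.groups()
            if circ in exit_of:
                carried[host].add(exit_of[circ])
    return {h: sorted(carried[h]) for h in failed_hosts(log_lines) if h in carried}

if __name__ == "__main__":
    for host, exits in sorted(suspect_exits(EVENTS, FETCHMAIL_LOG).items()):
        print(host, "->", ", ".join(exits))
```

Circuit ids are only meaningful within one run of the Tor process, so the events have to be collected during the same run in which fetchmail logs the failures.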