The Aliceadsl messaging service is currently based on Free’s infrastructure, which alters the technical chain between the browser and the Zimbra server. Properly configuring your connection to access third-party services like X-Script from this environment requires mastering a few points that public guides do not address.
Zimbra SSL Certificate and net::err_cert_date_invalid Error on Aliceadsl
Accessing zimbra.aliceadsl.fr frequently triggers a net::err_cert_date_invalid error on the browser side, even when the local clock is synchronized. This issue arises from the TLS certificate deployed on the Zimbra server, whose certification chain shows Free’s technical governance.
Recommended read : How to Easily Navigate Your Favorite Websites?
In practice, the browser refuses to establish a secure connection because it does not validate the intermediate certificate. Forcing access through a security exception exposes the session to potential interception, making any subsequent browsing to an external service less reliable.
We recommend checking two elements before any connection attempt: the root certificate in the browser’s store (Chromium or Firefox) and the actual DNS resolution of the domain aliceadsl.fr. If the intermediate certificate is missing from the local bundle, manually adding it via the Windows certificate manager resolves the blockage without bypassing security.
Read also : How to Easily Access Your Air France Tools with Intralignes: The Complete Guide
To access X-Script from Aliceadsl without the browser inheriting a degraded session context, it is better to isolate the tabs: a browser profile dedicated to Zimbra messaging, another for third-party services.
Free Redirection and DNS Resolution from an Aliceadsl Connection
Since the migration, the Alice mail console redirects to the Free ecosystem. The official login page explicitly redirects to subscribe.free.fr for account management. This redirection has a direct consequence on DNS resolution.
The DNS server assigned by default to an Aliceadsl connection is that of Free. However, this resolver may cache expired records, particularly for third-party domains like x-script.net. The typical symptom: a page that loads normally from a mobile network but remains inaccessible from the Aliceadsl box.
- Replace the default DNS with a public resolver (Quad9 DNS or Cloudflare’s) in the network adapter settings, not in the box
- Clear the local DNS cache with ipconfig /flushdns on Windows before retesting access
- Check that the box does not force a transparent proxy by inspecting the HTTP response headers (Via or X-Forwarded-For field)
This manipulation is sufficient in most cases to restore smooth access to external web services from an Aliceadsl line.
IMAP and SMTP Configuration to Separate Messaging and Web Browsing
Using the Zimbra webmail in the browser to check your Aliceadsl emails consumes a TLS session that can interfere with other tabs. Switching to a desktop client via IMAP eliminates this conflict.
The IMAP connection settings for an Aliceadsl account are as follows:
| Protocol | Server | Port | Encryption |
| IMAP | imap.free.fr | 993 | SSL/TLS |
| SMTP | smtp.free.fr | 465 | SSL/TLS |
The identifier remains the full address ([email protected]). The password is that of the associated Free account, not the old Alice password. We observe that the confusion between these two identifiers causes most of the “login or incorrect password” errors reported on forums.
Once the messaging is moved to Thunderbird, Mailbird, or an equivalent, the browser no longer has any open Zimbra sessions. Access to third-party web services then occurs without cookie interaction or inherited certificates.
Windows Firewall and Port Filtering on the Aliceadsl Box
A residual blockage may come from the local firewall or the filtering integrated into the box. Older Aliceboxes and some Freeboxes in bridge mode filter outgoing connections on non-standard ports by default.
X-Script uses port 443 (standard HTTPS), which should not pose any problems. However, if a proxy or parental control is active on the box, HTTPS traffic passes through content inspection that may break the TLS negotiation.
- Disable parental control in the box management interface (mafreebox.freebox.fr for migrated lines)
- Check in the Windows firewall that the outgoing rules allow the browser on port 443
- Test with a traceroute to the target domain to identify any intermediate hop added by the box
If the traceroute reveals an additional node between the box and the destination server, the bridge mode of the box is likely to blame. Switching back to standard router mode and restarting the box corrects this behavior.
Hosts File and Local Resolution as a Last Resort
When all network checks are done and access remains blocked, the Windows hosts file can force resolution. This method bypasses the box’s DNS and the resolver.
Open the file C:WindowsSystem32driversetchosts with an editor in administrator mode, then add an entry pointing the target domain to its actual IP address. The IP can be retrieved via an nslookup command from a functional network (mobile, VPN, third-party network).
This solution remains a temporary workaround. It does not eliminate the root cause, whether it is a faulty DNS, a transparent proxy, or a missing intermediate certificate. But it allows for functional access in a few seconds, while properly diagnosing the connection chain.