Obviously yes. To give a better answer I need more details. Which port did you connect to with the web browser? If it's just https://..., it will connect to port 443 and it may not be the same port the mail sync connects to. Hence, the service behind the port and the certificates it sends may be different.

One possible reason to the problem is that while the server certificate and the root certificate are OK, the sync client has problems in validating the intermediate CA certificates.

To get to the bottom of this, please do the following. Give the same command as before but this time with the -s-switch to save the certificates the server sends.

...which makes the command to write a couple of files with the .pem-extension in the current default directory. Then send those files to me. They should contain no secrets, so I guess it's all right to do this.

I updated these instructions to the Heartbeat wiki as well.