diff --git a/modules/accounts/email.nix b/modules/accounts/email.nix
index f92201495..a06a1d283 100644
--- a/modules/accounts/email.nix
+++ b/modules/accounts/email.nix
@@ -71,7 +71,7 @@ let
       };
 
       certificatesFile = mkOption {
-        type = types.path;
+        type = types.nullOr types.path;
         default = config.accounts.email.certificatesFile;
         defaultText = "config.accounts.email.certificatesFile";
         description = ''
@@ -354,7 +354,7 @@ let
 in {
   options.accounts.email = {
     certificatesFile = mkOption {
-      type = types.path;
+      type = types.nullOr types.path;
       default = "/etc/ssl/certs/ca-certificates.crt";
       description = ''
         Path to default file containing certificate authorities that
diff --git a/modules/programs/git.nix b/modules/programs/git.nix
index 097fbf4b4..9175eb9c6 100644
--- a/modules/programs/git.nix
+++ b/modules/programs/git.nix
@@ -295,7 +295,8 @@ in {
                   "ssl")
               else
                 "";
-              smtpSslCertPath = mkIf smtp.tls.enable smtp.tls.certificatesFile;
+              smtpSslCertPath =
+                mkIf smtp.tls.enable (toString smtp.tls.certificatesFile);
               smtpServer = smtp.host;
               smtpUser = userName;
               from = address;
diff --git a/modules/programs/msmtp.nix b/modules/programs/msmtp.nix
index f8ba6a6f7..e1fc35d2e 100644
--- a/modules/programs/msmtp.nix
+++ b/modules/programs/msmtp.nix
@@ -21,11 +21,12 @@ let
         user = userName;
         tls = onOff smtp.tls.enable;
         tls_starttls = onOff smtp.tls.useStartTls;
-        tls_trust_file = smtp.tls.certificatesFile;
       } // optionalAttrs (msmtp.tls.fingerprint != null) {
         tls_fingerprint = msmtp.tls.fingerprint;
       } // optionalAttrs (smtp.port != null) { port = toString smtp.port; }
-        // optionalAttrs (passwordCommand != null) {
+        // optionalAttrs (smtp.tls.certificatesFile != null) {
+          tls_trust_file = smtp.tls.certificatesFile;
+        } // optionalAttrs (passwordCommand != null) {
           passwordeval = toString passwordCommand;
         } // msmtp.extraConfig) ++ optional primary ''
 
diff --git a/modules/programs/neomutt.nix b/modules/programs/neomutt.nix
index dbfe88990..26b5914dc 100644
--- a/modules/programs/neomutt.nix
+++ b/modules/programs/neomutt.nix
@@ -185,7 +185,7 @@ let
     ''
       # Generated by Home Manager.
       set ssl_force_tls = yes
-      set certificate_file=${config.accounts.email.certificatesFile}
+      set certificate_file=${toString config.accounts.email.certificatesFile}
 
       # GPG section
       set crypt_use_gpgme = yes
diff --git a/modules/programs/offlineimap.nix b/modules/programs/offlineimap.nix
index edb6e7360..d5e3a5309 100644
--- a/modules/programs/offlineimap.nix
+++ b/modules/programs/offlineimap.nix
@@ -56,7 +56,7 @@ let
 
       ssl = if imap.tls.enable then {
         ssl = true;
-        sslcacertfile = imap.tls.certificatesFile;
+        sslcacertfile = toString imap.tls.certificatesFile;
         starttls = imap.tls.useStartTls;
       } else {
         ssl = false;