This is a cut/paste from our OptoKnowledgeBase on this error code. (Just trying to get the word out for the solution as much as possible).
SYMPTOMS
Note: This issue is related to using a Gmail account as the User Account.
When using either the SendEmail or SendEmail With Attachments command using a Gmail user account, the result of the command may be a -2104 status code (SSL: Handshake failed due to invalid or unverifiable certificate).
CAUSE
In February 2017, Google announced that it will change the security certificates used by Gmail (without notice). Google recently changed the required security certificate used with Gmail.
TEMPORARY WORKAROUND
This workaround is valid only until the next time Google changes the security certificate used with Gmail.
Follow these steps to download and install a certificate that works (as of December 7, 2017) with Gmail.
Go to the Opto 22 FTP website (ftp://ftp.opto22.com).
Note: Some browsers automatically put the characters “http://” in front of some URLS. If this happens, you’ll need to delete the http:// characters (or type ftp://ftp.opto22.com in your browser’s URL address field) and then press Enter.
Browse to this folder: /Public/Public_Folders_(Unsecured)/Archives_(Software_and_Firmware)/Firmware_Archives/SNAP-PAC_Firmware_Archives/Gmail_CA_Root_Certificate/
Download the GlobalSignRootCA-R2.crt file.
Open PAC Manager, and go to the I/O Unit Maintenance window (Tools > Maintenance).
Note: As part of the process of installing the certificate on the controller, the controller will be restarted in order for it to take effect. You may need to schedule a system shutdown to coordinate putting the certificate on the controller and rebooting the controller.
In the Command section, select “Install CA Root Certificate.”
Click the Restart Device check box. (This will cause the controller to be automatically restarted during the process of installing the certificate.)
Use the Browse button […] to find and select the downloaded certificate.
Click the Execute button to install the certificate and restart the controller.
Note: This workaround is temporary because Google may change the certificate again at any time.
RESOLUTION
Due to Google’s decision to change Gmail CA Root certificates without notice, Opto 22 cannot prevent -2104 errors when sending Gmail emails using the SendEmail and SendEmailWithAttachments command.
Consequently, Opto 22 recommends sending emails from a mail service provider that uses Equifax® or Digicert® certificates (such as Outlook® and Yahoo! Mail®).