Zimbra 8 will refuse to fetch emails from external accounts if the remote server is using a self-signed (or invalid) SSL certificate. Hence this is a good thing in terms of security, sometimes it isn't possible to control how external mail providers is handling their things.
This limitation is active even if "Use an encrypted connection (SSL) when accessing this server" isn't checked, since Zimbra will automatically use STARTTLS if detects that remote server support it.
$ sudo -i -u zimbra
$ zmlocalconfig -e javamail_imap_enable_starttls=false
$ zmlocalconfig -e javamail_pop3_enable_starttls=false
$ zmmailboxdctl restart