Fixing fetchmail with IMAP over SSL "self-signed certificate" errors


Well, you could just ignore these. However, the warning is the only thing standing between you and a rogue server: someone could set up a fake mail server, inject bogus entries into the DNS, and you would find yourself connecting to the rogue server instead of the one you actually wanted. The rogue server would then have your login details and could retrieve your mail at will. So here I'll assume you want to silence these errors by fixing their cause, not by ignoring the problem.

Let's suppose you are trying to connect to imap.example.com.

First, retrieve the certificate of the server. IMAP over SSL uses port 993. Copy the following and paste it into a shell or terminal window to create a directory that contains the certificate.

    mkdir ~/.certs
    # </dev/null makes s_client exit after the handshake instead of waiting for input
    openssl s_client -connect imap.example.com:993 </dev/null |\
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.certs/imap.pem
    c_rehash ~/.certs

If you need to add certificates for several servers, change the filename (imap.pem above) so each certificate is written to its own file. The final c_rehash step creates the hashed symlinks OpenSSL uses to find certificates in a directory, so it has to be re-run whenever a file is added or replaced.
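The following script is an added example, not part of the original page; it automates the steps above and extends them to the case where the server presents a whole chain rather than a single self-signed certificate. It captures everything the server sends (-showcerts), writes one PEM file per certificate so c_rehash can index each of them, and then uses openssl verify to report whether the chain actually closes inside the directory. The names split_pem_chain, fetch_chain, verify_server_cert and CERTDIR are constructed for this example; openssl and c_rehash are assumed to be on PATH.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes openssl and c_rehash
# are installed; CERTDIR is a constructed variable defaulting to ~/.certs.

CERTDIR="${CERTDIR:-$HOME/.certs}"

# split_pem_chain BUNDLE PREFIX
# Copies each -----BEGIN/END CERTIFICATE----- block found in BUNDLE to
# PREFIX-0.pem, PREFIX-1.pem, ... (the server's own certificate comes first,
# in the order s_client prints them) and prints how many were written.
# Anything outside the markers (s_client's session chatter) is dropped.
split_pem_chain() {
    awk -v prefix="$2" '
        /-BEGIN CERTIFICATE-/ { out = prefix "-" (n + 0) ".pem"; n++; inside = 1 }
        inside               { print > out }
        /-END CERTIFICATE-/  { inside = 0; close(out) }
        END                  { print n + 0 }
    ' "$1"
}

# fetch_chain HOST [PORT]
# Connects once, saves the presented chain as $CERTDIR/HOST-N.pem and
# rehashes the directory. </dev/null makes s_client exit after the
# handshake instead of waiting for IMAP commands on stdin.
fetch_chain() {
    host="$1"; port="${2:-993}"
    mkdir -p "$CERTDIR"
    openssl s_client -connect "$host:$port" -showcerts </dev/null 2>/dev/null \
        > "$CERTDIR/$host.bundle"
    count=$(split_pem_chain "$CERTDIR/$host.bundle" "$CERTDIR/$host")
    rm -f "$CERTDIR/$host.bundle"
    c_rehash "$CERTDIR" >/dev/null
    echo "$count"
}

# verify_server_cert HOST
# Succeeds only if HOST-0.pem chains to a certificate present in $CERTDIR,
# which is what fetchmail's sslcertck demands. A failure mentioning
# "unable to get issuer certificate" means a signer (usually the root) is
# still missing and has to be added, as the text below describes.
verify_server_cert() {
    openssl verify -CApath "$CERTDIR" "$CERTDIR/$1-0.pem"
}

# Usage:
#   fetch_chain imap.example.com 993 && verify_server_cert imap.example.com
```

A self-signed server certificate verifies against itself once it sits in the directory, so for that case fetch_chain followed by verify_server_cert should already print OK; when intermediates were captured but the root was not, verify fails exactly as fetchmail would.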

Now add

    sslcertck sslcertpath $HOME/.certs

to the block in .fetchmailrc relating to imap.example.com.
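For readers unsure which block is meant, here is an added illustration (not from the original page) of a complete poll entry in both forms; the user name and the absolute path are placeholders:

```text
# Weak: "ssl" alone encrypts the session, but a certificate fetchmail cannot
# verify only produces the warning this page is about, and mail is fetched anyway.
poll imap.example.com proto imap
    user "alice" ssl

# Fixed: sslcertck turns that warning into a hard failure, and sslcertpath
# points fetchmail at the directory of trusted certificates prepared above.
poll imap.example.com proto imap
    user "alice" ssl sslcertck sslcertpath /home/alice/.certs
```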

This should fix the problem. If it does not, then you need to track down the certificate of the signer of the above certificate, and its signer, iterating until you reach a root certificate. Each of these certificates needs to be retrieved from a web site, via SSL on port 443, by email, or other means, and added to the .certs directory. Don't forget to run c_rehash once you have all of them!

Acknowledgements: thanks to Christoph Rummel, Paul Heinlein, and Ritesh Raj Sarraf for useful information.


Copyright 2006-7 by András Salamon <andras@dns.net>

Last updated 02-Jul-2007