I just ran into this issue on my own computer. The basis is that when sending or receiving encrypted messages, Mail.app will ask the user for an administrator password to access the certificate or decryption key. It is a really easy fix, but may involve you collecting a few certificates again (unless you can export them).

I discovered that the S/MIME keys were not in the proper section of my Keychain Access.app. The easiest thing to do is search through and “move” them one by one (possibly in a group too) to your “login” keychain.

The next time you send or receive an encrypted email, it should ask you again, but this time it will show you “Always Allow”, if that is what you want to do.