Certificate Mismatch Sending Mail
I use cPanel to manage one domain and a number of add on domains. Even though I added the 3rd-level mail.domain.com to my (manually created) Let"s Encrypt certificate, I am wondering if I should add others besides "mail."
And does it make a difference the domain I am referring to (as having the problem) is an add-on domain, not the root domain in my cPanel account. i.e. should I be adding subdomains to my Let"s Encrypt certificate for the root cPanel account like this? mail.addOnDomain.com.RootDomain.com
I can receive mail fine.
I created each email account in cPanel.
Using the "Configure Email Client" page I"ve found the .mobileconfig files to be VERY convenient (iOS & macOS). Except for the fact I can"t send email.
When my mail client tries sending (SMTP) email it stalls then reports a certificate name mismatch error. The mail client shows me the wildcard certificate for the shared hosting domain of my hosting company.
In cPanel > Email > MX Entry page, the root domain is Remote Mail Exchanger. The domain I have a problem with is set to Local Mail Exchanger.
When I installed the certificates I chose Enable SNI for Mail Services.
Based on my reading of others with similar certificate mismatch errors I should try something called AutoSSL, however, this option is not available to me with my current internet host. I asked them for some assistance but they pointed me to you. Thank you.
-
Hello @AcPcBcDcEc , Do you know to find out the mail settings in your Mail client ? I believe Incoming and Outgoing mail server may be set as the hostname of the server in which your account is hosted at. Need to know more details to exactly point the issue. You can see the certificates at cPanel > SSL/TLS > Install and Manage SSL for your site (HTTPS) If you are seeing green padlock on all the domains, atleast on domain.com and mail.domain.com you should be good to go in using the incoming and outgoing email server as mail.domain.com or domain.com whichever you have the green padlock. I am a bit confused on your access level. Is it cPanel or WHM ? You mentions that you have chosen to "Enable SNI for Mail Services" Because if I remember correctly, that option is enabled by default in latest versions of cPanel and you wont see that option at all. Which version of cPanel are you running ? Also check with your host that the shared SSL feature is disabled at WHM end as well. It should be, just checking. I am wondering why does your host ask you to get help from the cPanel forums ? Are you on free hosting or without support ? May be I am not understanding the issue well, but usually this issue should be solved at host level. 0 -
Hi @AcPcBcDcEc It sounds like as @SS-Maddy has suggested there may be a difference between the domain you're sending from + the one you have the certificate for and the domain listed in incoming/outgoing server, that information would most likely be useful in determining what is occurring in this instance. Thanks! 0 -
Hello SS-Maddy & cPanelLauren, " Pretty sure I am not using WHM and only use cPanel. (I only see cPanel and no WHM logo or letters.) " cPanel version 68 I believe. (When I click "Help" on my host"s cPanel interface and it loads the documentation.cpanel.net website, it reports version 68.) " My shared server has its own IP address. " I use Let"s Encrypt to create a cert for example.com and mail.example.com. (It works fine with https, IMAP, & POP3. " To configure my mail client, I could not use the .mobileconfig file since the email wizard does not let me specify any servers or ports. (Hand editing the .mobileconfig file indicates it"s signed.) " So I did enter all the information manually into my email client. " I can get mail (via IMAP or POP since I tested both) when I use mail.example.com. " But when I try to send is when I get into the issues I noted in my first post. " Outgoing mail through mail.example.com somehow causes a stall in my mail client (Mail) then it reports the server returned a certificate that does not include mail.example.com. The certificate is a wildcard cert for the 5th level domain they run it from. (*.prod.iad2.secureserver.net). (I am not keen on accepting that cert for this usage since I would rather trust the cert I installed.) SMTP server in mail client: mail.example.com Certificate for: example.com, mail.example.com, http://www.example.com Domain in "Configure Mail Client" page: mail.example.com
So my client is trying to send via mail.example.com but after that I can only speculate what"s happening. There is an A record for mail pointing to my IP address. There is an MX record for mail.example.com priority 0. There are the two TXT & two SRV records noted on this page:0 -
Hi @AcPcBcDcEc There must be something specific to the configuration that's pulling up the hostname certificate instead of your own. Unfortunately without WHM access you won't be able to see the settings or make modifications. If you have a certificate for the domain that covers the mx record you're using it should not prompt the certificate mismatch. 0
Please sign in to leave a comment.
Comments
4 comments