Certificate Mismatch Sending Mail

Discussion in 'E-mail Discussion' started by AcPcBcDcEc, Jun 30, 2018.

  1. AcPcBcDcEc

    AcPcBcDcEc Registered

    Joined:
    Jun 30, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    United States
    cPanel Access Level:
    Website Owner
    I use cPanel to manage one domain and a number of add-on domains. Even though I added the 3rd-level mail.domain.com to my (manually created) Let’s Encrypt certificate, I am wondering if I should add others besides ‘mail.’

    And does it make a difference that the domain I am referring to (as having the problem) is an add-on domain, not the root domain in my cPanel account? I.e., should I be adding subdomains to my Let’s Encrypt certificate for the root cPanel account like this? mail.addOnDomain.com.RootDomain.com

    I can receive mail fine.

    I created each email account in cPanel.

    Using the ‘Configure Email Client’ page I’ve found the .mobileconfig files to be VERY convenient (iOS & macOS). Except for the fact I can’t send email.

    When my mail client tries sending (SMTP) email it stalls then reports a certificate name mismatch error. The mail client shows me the wildcard certificate for the shared hosting domain of my hosting company.

    In cPanel > Email > MX Entry page, the root domain is Remote Mail Exchanger. The domain I have a problem with is set to Local Mail Exchanger.

    When I installed the certificates I chose Enable SNI for Mail Services.

    Based on my reading of others with similar certificate mismatch errors I should try something called AutoSSL, however, this option is not available to me with my current internet host. I asked them for some assistance but they pointed me to you. Thank you.
     
  2. SS-Maddy

    SS-Maddy Well-Known Member

    Joined:
    Mar 28, 2009
    Messages:
    105
    Likes Received:
    6
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hello @AcPcBcDcEc ,

    Do you know how to find the mail settings in your mail client? I believe the incoming and outgoing mail server may be set to the hostname of the server on which your account is hosted. I need to know more details to pinpoint the issue exactly.

    You can see the certificates at cPanel > SSL/TLS > Install and Manage SSL for your site (HTTPS)

    If you are seeing a green padlock on all the domains, at least on domain.com and mail.domain.com, you should be good to go in using mail.domain.com or domain.com, whichever has the green padlock, as the incoming and outgoing email server.

    I am a bit confused about your access level. Is it cPanel or WHM? You mention that you have chosen to "Enable SNI for Mail Services", because if I remember correctly, that option is enabled by default in the latest versions of cPanel and you won't see that option at all. Which version of cPanel are you running? Also check with your host that the shared SSL feature is disabled at the WHM end as well. It should be, just checking.

    I am wondering why your host asks you to get help from the cPanel forums. Are you on free hosting or without support? Maybe I am not understanding the issue well, but usually this issue should be solved at the host level.
     
  3. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,721
    Likes Received:
    186
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @AcPcBcDcEc


    It sounds like, as @SS-Maddy has suggested, there may be a difference between the domain you're sending from + the one you have the certificate for and the domain listed in incoming/outgoing server. That information would most likely be useful in determining what is occurring in this instance.

    Thanks!
     
  4. AcPcBcDcEc

    Hello SS-Maddy & cPanelLauren,

    • Pretty sure I am not using WHM and only use cPanel. (I only see cPanel and no WHM logo or letters.)
    • cPanel version 68 I believe. (When I click ‘Help’ on my host’s cPanel interface and it loads the documentation.cpanel.net website, it reports version 68.)
    • My shared server has its own IP address.
    • I use Let’s Encrypt to create a cert for example.com and mail.example.com. (It works fine with https, IMAP, & POP3.)
    • To configure my mail client, I could not use the .mobileconfig file since the email wizard does not let me specify any servers or ports. (Hand editing the .mobileconfig file indicates it’s signed.)
    • So I did enter all the information manually into my email client.
    • I can get mail (via IMAP or POP since I tested both) when I use mail.example.com.
    • But when I try to send is when I get into the issues I noted in my first post.
    • Outgoing mail through mail.example.com somehow causes a stall in my mail client (Mail) then it reports the server returned a certificate that does not include mail.example.com. The certificate is a wildcard cert for the 5th level domain they run it from. (*.prod.iad2.secureserver.net).

    (I am not keen on accepting that cert for this usage since I would rather trust the cert I installed.)
    Code:
    SMTP server in mail client: mail.example.com
    Certificate for: example.com, mail.example.com, http://www.example.com
    Domain in ‘Configure Mail Client’ page: mail.example.com
    
    So my client is trying to send via mail.example.com but after that I can only speculate what’s happening.

    There is an A record for mail pointing to my IP address.
    There is an MX record for mail.example.com priority 0.

    There are the two TXT & two SRV records noted on this page:
    Configuring DNS for your cPanel domain | Linux Hosting (cPanel) - GoDaddy Help IN


    (I am willing for the admins to cut off the rest of this post since although it’s related and answers a question posed to me, it might add to noise in future searches of the forum.)
    [
    First call to support on this issue and I was not impressed the person didn’t seem to understand the difference between a Let’s Encrypt certificate for my domain and PGP encryption keys for dealing with individual emails. She kept on talking about encrypting emails and I tried to explain I was not talking about individual emails.

    My next call to support was faster since the person understood more, perhaps because I used the phone tree to go directly to their wing that sells certificates. I described what I was doing in a nice way. Namely creating some email accounts. But he could clearly see I was cancelling my few hundred dollar email plan which was overkill for my needs and re-created the (not whoppingly huge number of 2) email accounts using my cPanel interface.

    Thus when I stated I used cPanel to create my mail accounts, and cPanel to install my Let’s Encrypt certificates, I knew I was not going to be warmly received.

    I explained I was stymied by what to do since the cPanel interface said to use mail.example.com for the SMTP server, and I kept on getting certificate name mismatch errors. He told me something like he could help me with GoDaddy email issues but issues with cPanel would require turning to the Internet at large.

    I certainly did expect them to help me and solve my problem. And I have the feeling the answer is something relatively simple, like doing something to my DNS records, or perhaps I need to update my Let’s Encrypt certificate for the root account, let’s call it RootDomain.com, with some fanciness like what cPanel seems to be doing with add-on domains. Namely, add mail.AddOnDomain.com.RootDomain.com to the RootDomain.com certificate. But I am unsure and don’t want to spend hours testing things.
    ]

    Thank you for your help.
     
  5. cPanelLauren

    Hi @AcPcBcDcEc

    There must be something specific to the configuration that's pulling up the hostname certificate instead of your own. Unfortunately, without WHM access you won't be able to see the settings or make modifications. If you have a certificate for the domain that covers the MX record you're using, it should not prompt the certificate mismatch.
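
One way to see which certificate names the SMTP service presents and whether they cover the server name the mail client uses, for the mismatch discussed in this thread. This is an added example, not part of any post above and not cPanel code; the function names are hypothetical, and the two sample certificates are constructed from the names quoted in the thread.

```python
import smtplib
import ssl
import sys

# Constructed samples in ssl.getpeercert() form, using only names quoted in the thread.
HOST_CERT = {"subjectAltName": (("DNS", "*.prod.iad2.secureserver.net"),)}
OWN_CERT = {"subjectAltName": (("DNS", "example.com"),
                               ("DNS", "mail.example.com"),
                               ("DNS", "www.example.com"))}

def dns_names(cert):
    """DNS entries from the subjectAltName of a getpeercert() dict."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def san_matches(hostname, pattern):
    """True if one SAN entry covers hostname; '*' stands for exactly one leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def covering_names(hostname, names):
    """SAN entries that make the certificate valid for hostname (empty list = mismatch)."""
    return [n for n in names if san_matches(hostname, n)]

def presented_names(host, port=587, timeout=10):
    """Connect as a mail client would (SNI = host) and return the certificate's DNS names."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared by the caller
    if port == 465:  # implicit TLS
        conn = smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
    else:            # STARTTLS on 25/587
        conn = smtplib.SMTP(host, port, timeout=timeout)
    with conn:
        if port != 465:
            conn.starttls(context=ctx)
        return dns_names(conn.sock.getpeercert())

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: pass the SMTP server name as the argument
        for port in (465, 587):
            names = presented_names(sys.argv[1], port)
            print(port, names, "covers host:", bool(covering_names(sys.argv[1], names)))
    else:                  # offline run on the constructed samples
        for cert in (HOST_CERT, OWN_CERT):
            print(dns_names(cert), covering_names("mail.example.com", dns_names(cert)))
```

An empty match list for the name entered in the mail client is the mismatch the client reports; comparing the result on the SMTP ports with the names served on IMAP shows whether only the outgoing service presents a different certificate.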
     