SSL verify error: certificate name mismatch

kernow

Well-Known Member
Jul 23, 2004
1,015
61
178
cPanel Access Level
Root Administrator
For the last few days some mail sent out is not being delivered due to SSL cert mismatch, example from logs:
2017-02-15 21:14:27 1cdc6P-003mbR-PJ [38.113.116.213] SSL verify error: certificate name mismatch: "/OU=Domain Control Validated/OU=EssentialSSL/CN=mxtls.ctmail.com"
2017-02-15 21:14:28 1cdc6P-003mbR-PJ Remote host closed connection in response to end of data
2017-02-15 21:14:29 1cdc6P-003mbR-PJ [216.163.188.54] SSL verify error: certificate name mismatch: "/OU=Domain Control Validated/OU=EssentialSSL/CN=mxtls.ctmail.com"
2017-02-15 21:14:29 1cdc6P-003mbR-PJ Remote host closed connection in response to end of data
2017-02-15 21:16:37 1cdc6P-003mbR-PJ H=mx.mail2.name-services.com [64.191.223.38] Connection timed out
2017-02-15 21:16:37 1cdc6P-003mbR-PJ == [email protected] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out H=mx.mail2.name-services.com [216.163.188.54]
SSL service cert supplied by cpanel Any ideas?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,226
463
Hello,

The SSL warnings should not actually prevent delivery. Instead, it looks to relate to the following error:

2017-02-15 21:16:37 1cdc6P-003mbR-PJ == [email protected] R=dkim_lookuphost T=dkim_remote_smtp defer (110): Connection timed out H=mx.mail2.name-services.com [216.163.188.54]
This message often appears when the system lacks a valid RDNS entry for the IP address used to send email. Check to ensure a RDNS record exists from the IP address used for sending email to the proper hostname. Your data center or hosting provider can help you to setup the record.

You may also want to verify you can connect to that remote mail server over port 25 by running the following command from your system:

Code:
telnet remote-mail-host 25
Thank you.
 

kernow

Well-Known Member
Jul 23, 2004
1,015
61
178
cPanel Access Level
Root Administrator
Hello,
We don't like the security implications of installing telnet. However the server does have a valid PTR (reverse DNS) record. Also the SSL warning is preventing the mail from being delivered as it remains in the mail queue for a few days and resending/forcing just returns the same error.
EDIT
After restarting exim and forcing a mail run, the mail is now delivered. Go figure ........
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,226
463
After restarting exim and forcing a mail run, the mail is now delivered. Go figure ........
Hello,

Let us know if you encounter any additional issues.

Thank you.
 
Thread starter Similar threads Forum Replies Date
I Email 26
pujiarahman Email 1
P Email 3
L Email 4
Osama Tariq Email 2