Score:1

Which domain/host to use with certificate for mail server


I am having difficulties (confused) understanding SSL for a domain for a mail server. The GMail "send mail as" setup is reporting an error, "550 certificate name does not match host name", while trying to connect with SSL/TLS.

Domain: domain.com

Mail domain: mail.domain.com

Email account: [email protected]

DNS

A domain.com IP

CNAME mail domain.com

MX @ domain.com

Tried with SSL certificates for both domain.com & mail.domain.com. I am confused which domain/host I should use the SSL certificate for: domain.com or mail.domain.com? Tried both.

Note: Can't use a wildcard SSL certificate. Am using a ZeroSSL free certificate.

Please don't add "solved" to your question. Instead, post your solution as an answer and accept it. Otherwise the question will stay in the system as unsolved forever.
Broken Arrow:
Sure, lemme do it now.
Score:0

The "550 certificate name does not match host name" error suggests the issue isn't related to your email address as such, rather the host address you're sending from / receiving to.

So for instance you may be sending as domain.com, but Google are receiving the SMTP connection from mailserver.somedomain.com, and that's the certificate they're after.

Either that or I see some reports of getting the same error where the host listed in the MX record isn't included in the certificate returned by the mail server. You can test that here https://www.checktls.com/TestReceiver

Broken Arrow:
This is an absolute frustration with Windows Mail server (I admit I am missing things) :( The domain is BINARY.MEN, the HELO replies with the same domain, tried generating certificates from ZeroSSL, Let's Encrypt & cPanel Inc., nothing seems to satisfy GMail :( I could have prepared 25 RHEL boxes working perfectly for this purpose!
Broken Arrow:
Thanks for the help. Although the test is failing with TLS, CERT & SECURE, everything seems to be working fine after fixing the intermediate certificate thing.
Score:0

SOLUTION

It was a problem with intermediate certificates, although it is still confusing to me as I was using the same host name for mail account, DNS & mail server host!

Added fullchain.pem as the certificate, not the domain.crt (created with Let's Encrypt), and it all started working fine.

OBSERVATION

There was no way I could have noticed this while trying to add an SMTP account to GMail, it was just failing. Then I tried to add a POP3 connection within GMail, and it came up with the actual issue that intermediate certificates were missing, that also fixed the SMTP connection issue! Expected better from Google.
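
An added example, not part of any post in this thread: a small offline pre-flight check for the two failure modes discussed above, a certificate that does not name the host the client connects to and a certificate file that holds only the leaf (domain.crt) instead of the full chain (fullchain.pem). The function names, the host and name lists, and the PEM placeholder blocks are constructed for illustration; the certificate's DNS names are passed in by the caller rather than parsed from the file.

```python
import re

# One PEM certificate block; the base64 body is counted, not decoded.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----[A-Za-z0-9+/=\s]+-----END CERTIFICATE-----")

def count_pem_certs(pem_text):
    """Number of certificates in a PEM file (1 means leaf only)."""
    return len(PEM_CERT.findall(pem_text))

def name_matches(cert_name, host):
    """Compare one certificate DNS name with a host name, case-insensitively.
    A wildcard counts only as the whole left-most label and covers one label."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*" and len(c) > 2:
        return c[1:] == h[1:]
    return c == h

def audit(connect_host, cert_names, pem_text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not any(name_matches(n, connect_host) for n in cert_names):
        findings.append(
            f"name mismatch: {connect_host} not in {sorted(cert_names)}")
    n = count_pem_certs(pem_text)
    if n == 0:
        findings.append("no certificate found in file")
    elif n == 1:
        findings.append("leaf only: intermediate certificates missing")
    return findings

# Constructed placeholders, not real certificates.
BLOCK = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
DOMAIN_CRT = BLOCK          # shaped like domain.crt: leaf certificate only
FULLCHAIN_PEM = BLOCK * 2   # shaped like fullchain.pem: leaf + intermediate

if __name__ == "__main__":
    # Host names follow the question's example (domain.com / mail.domain.com).
    print(audit("mail.domain.com", ["domain.com"], DOMAIN_CRT))
    print(audit("mail.domain.com",
                ["domain.com", "mail.domain.com"], FULLCHAIN_PEM))
```

The leaf-only finding applies to a certificate issued by a public CA; pass as `connect_host` whichever name the client is configured to connect to.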
