sgpascoe
Getting Started

Emails no longer work - certificate mismatch?

Gmail have updated their security guidelines resulting in issues for a huge number of users.

 

This includes my own domain. I am using Godaddy, with Letsencrypt SSL certificates.

I am using email addresses set up within cPanel on the Godaddy shared server.

I have spoken with cPanel, and they have mentioned that the hostname does not match the domain certificates, and this could be what's causing the issue.

 

Looking at SSL Shopper, I can see this, as well as Cpanel's identification of the issue

 

I just need to get my emails working again, and I have no idea what to do next! I'm hoping someone here has more knowledge than I do, to point me in the right direction.

I tried calling Godaddy, but they said they don't understand and they don't know anyone at the company who would. 

16 REPLIES
PL281
Super User II

@sgpascoe 

While not 100% certain I believe that this is mixing issues. By nature of cPanel servers you are always going to have different host names as you are on a shared server - also by nature of a cPanel server (shared) many settings are at the server level vs the account level and would affect 100s of sites.

 

I have not seen / heard many reports in the community about email / cPanel issues.

 

Let's start from the top and see where the issue is

1) What is your domain

2) Where is your email hosted - I'm assuming the cPanel account

3) What ever message are you receiving or what is happening / not happening that you are expecting

I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community

sgpascoe
Getting Started

Hi PL281, 

Thanks for your reply,

 

The domain we're using is float-digital.com, but we also have emails associated with various subdomains. float-digital.com is our priority for now.

 

The email is hosted on Cpanel, and for years, has been accessed through Gmail. However, due to the recent updates to Gmail's security, it cannot connect this way. The error message is "TLS Negotiation failed, the certificate doesn't match the host" as seen here and here

 


 

As an alternative, we tried Thunderbird to connect to emails - but this gave us a similar SSL mismatch error.

 

 

@sgpascoe 

 

Is this a VPS server that you have / manage or a cPanel account? The reason I ask is that if it is a VPS server you may need to look in WHM to check on the settings in regards to the TLS protocols enabled.


sgpascoe
Getting Started

We are on the deluxe shared hosting with Cpanel plan

@sgpascoe 

 

Ok - I would try to connect with the SSL checkbox and see if that resolves the issue


sgpascoe
Getting Started

Hahaha, if the problem was that easy I wouldn't be here after asking godaddy, cpanel, and the sysadmin/techsupport subreddits 🤣 I wish it was that simple, it would help me and thousands of others out of a tough situation. It unfortunately says the exact same error with SSL as it does with TLS.

 

According to cpanel, the problem is with the hostname SSL not matching the domain SSL. 

As linked in my first post, this is cpanel's feedback:

 


 

@sgpascoe 

 

One other obvious option you may have done but just wondering did you try using that IP URL as the server vs your domain name - if that is what it is having issues with it should still connect using that instead - again I realize this may be stating the obvious but just double checking


sgpascoe
Getting Started

Thanks again for sticking with me through this one, I hope I haven't misunderstood your instruction, but if I enter ip-160-153-161-50.ip.secureserver.net as my smtp server, I get the same error as if I enter float-digital.com as my SMTP server.

@sgpascoe 

 

Yes that is exactly what I was asking - a couple of things....

1) When you are in cPanel -> Mail what server names does it show / give you to enter

2) Just to confirm you don't have access to WHM with your account - just cPanel


sgpascoe
Getting Started

@PL281 do you think this a solvable problem? I'm worried I may have to move away from godaddy to get this working, and that means a lot of work moving multiple domains and databases, so I'd love to avoid it! 

sgpascoe
Getting Started

If it helps, this is Google's own advice from when they made the change:

 

If you get a “Could not validate certificate” error

When you click Test TLS connection, you might get an error that says “Could not validate certificate…” If you get this error, you can save the new mail route but messages sent from your organization will bounce. 

To fix the error, try one or more of these solutions:

  • If your mail server has more than one host name, make sure you’re using the host name that’s on the server’s certificate.
  • If you have access to the mail server on the route, install a new certificate from a trusted Certificate Authority. Verify the new certificate has the correct host name.
  • If you use a third-party mail relay service, contact the service provider about this error.
  • Turn off one or more of these options:
    • Require mail to be transmitted over a secure transport (TLS) connection
    • Require CA signed certificate
    • Validate certificate hostname

      Important: We recommend keeping these options turned on whenever possible so the connection can be verified.

full change notes here

@sgpascoe 

 

1) If you click email accounts and then select one - It should show you the POP / SMTP / IMAP configuration settings

 

2) On a cPanel account you don't have access to most of those settings.

 

 


PL281
Super User II

@sgpascoe 

 

In cPanel can you go to SSL Status and make sure you have green locks for the domains - I would also click on view certificate and make sure you don't have multiple certificates for the same domain.


sgpascoe
Getting Started

Yes, the SMTP/POP/IMAP settings are in the 'connect devices' section of the email list. Here is an example from one of the emails.

 


 

These settings do not work in any email client due to the hostname certificate.

 


 

I have certified the domain and any subdomain associated with it

 


 

If you run a check on https://www.checktls.com/TestReceiver for float-digital.com, using the "CertDetail" check, you can see the problem is not with the domain, and anything I have done, but with the Host server:

 

"Cert Hostname DOES NOT VERIFY (mail.float-digital.com != *.prod.ams1.secureserver.net | DNS:*.prod.ams1.secureserver.net | DNS:prod.ams1.secureserver.net)
(see RFC-2818 section 3.1 paragraph 4 for info on wildcard ("*") matching)
So email is encrypted but the host is not verified"

 

 

 

 

 

@sgpascoe 

 

So using that site that you suggested - I see the host name is n1plcpnl0034.prod.ams1.secureserver.net

and it passes - use that and see if it will connect 

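Added example (not part of the thread or any participant's post): the hostname check behind the CheckTLS line quoted above, applied to every server name tried in this thread against the two SAN entries that output lists. The matcher is a simplified RFC 2818 / RFC 6125 wildcard rule; `live_check` and its default port 465 (implicit TLS) are assumptions for testing a real server and are not called by default.

```python
import socket
import ssl

# SAN entries quoted in the CheckTLS output in the thread.
CERT_SANS = ["*.prod.ams1.secureserver.net", "prod.ams1.secureserver.net"]

# Server names tried or suggested in the thread.
CANDIDATES = [
    "float-digital.com",
    "mail.float-digital.com",
    "ip-160-153-161-50.ip.secureserver.net",
    "n1plcpnl0034.prod.ams1.secureserver.net",
]


def san_matches(hostname, pattern):
    """Simplified RFC 2818 / RFC 6125 match: a '*' is honoured only as the
    whole left-most label and stands for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False          # '*' never spans several labels or none
    if pat[0] == "*":
        return bool(host[0]) and host[1:] == pat[1:]
    return host == pat


def verifies(hostname, sans=CERT_SANS):
    return any(san_matches(hostname, p) for p in sans)


def usable_names(candidates=CANDIDATES, sans=CERT_SANS):
    """Names a mail client could enter without a hostname mismatch."""
    return [name for name in candidates if verifies(name, sans)]


def live_check(hostname, port=465, timeout=10):
    """Optional online check (port 465, implicit TLS, is an assumption):
    returns None if the certificate verifies for hostname, else the error."""
    ctx = ssl.create_default_context()   # CA validation + hostname check on
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname):
                return None
    except (ssl.SSLError, OSError) as exc:
        return str(exc)


if __name__ == "__main__":
    for name in CANDIDATES:
        print(f"{name:45} {'OK' if verifies(name) else 'MISMATCH'}")
```

Only the shared server's own name falls under the wildcard, which is why a client that validates hostnames rejects the customer's domain name even though that domain has its own web certificate.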