
I started to use Thunderbird. While sending emails, it gives an error saying:

Sending of the message failed. Unable to communicate securely with peer: requested domain name does not match the server’s certificate. The configuration related to mail.mysite.com must be corrected.

I have a Let's Encrypt SSL certificate issued for both mysite.com and mail.mysite.com. The secure site is working on the web.

In the error window, Thunderbird can verify my SSL cert when I try mail.mysite.com without a port. However, it cannot find the cert for mail.mysite.com:465. It finds another cert, a Starfield cert, which is the cert my webserver uses by default.

I use Godaddy; they recommend using mail.mysite.com with SMTP port 465 in the outgoing server settings for SSL. Thunderbird's default port is also 465.

Why does adding the port result in a different cert? Is there a way to solve this problem?

seeker
  • *"I use Godaddy, they recommend to use mail.mysite.com with SMTP port 465 in outgoing server for SSL."* - where exactly do they recommend this? The official documentation I see for at least some of the services they provide is about using `smtpout.secureserver.net` on port 465. Is the documentation you see really for the service you actually use? – Steffen Ullrich Mar 05 '21 at 16:13
  • @SteffenUllrich, They give this configuration in "Webmail > Configure Mail Client > Mail Client Manual Settings > Secure SSL/TLS Settings." When I tried `smtpout.secureserver.net` on port 465, it gives: _"Login to server smtpout.secureserver.net with username id@mysite.com failed. Enter new password."_ When I tried another long address of secureserver.net from my other domain, I could send email. Then, 1- Is everything ok by using any outgoing address? 2- It seems I don't need my SSL cert for email; Godaddy provides SSL for email by default and free, maybe for my hosting plan. Right? – seeker Mar 05 '21 at 22:58
  • I don't know what specific hosting plans actually offer with Godaddy. But it is known that at least for a long time (and maybe continuing) Godaddy makes it really a pain to integrate free SSL like Let's Encrypt and instead hopes that users buy SSL from Godaddy. – Steffen Ullrich Mar 06 '21 at 05:53

1 Answer


The certificate is for a host, not for a port on that host. So a certificate is valid for any port on that host.

However, the host certificate is presented to the client by a server process serving a port (or some ports) on that host. So you may use the same certificate for the mail server and for the web server, but you must still configure the correct certificate in both applications.

Port 465 is the standard port for smtps (SMTP with SSL). So you should check the configuration of the server certificate on that port.

When you use mail.mysite.com without a port, the standard port for SMTP without SSL is 25. It is possible to connect to port 25 and then use STARTTLS to start encryption. If your client doesn't complain when you connect to port 25, then either your server is configured to present a different (correct) certificate on port 25 with STARTTLS, or your client doesn't use STARTTLS. Without STARTTLS, there is no encryption, and therefore no need to present or verify a certificate.

RalfFriedl
  • When I use mail.mysite.com without a port in the client's window and click "Get certificate", it says "Valid certificate. This site provides valid, verified identification", and when I click "View", it shows my correct Let's Encrypt cert. If it makes this validation while sending the message, it will be ok. When I changed the SMTP settings to port 25 with STARTTLS, it gives the error: "Sending of the message failed. The message could not be sent because the connection to Outgoing server (SMTP) mail.mysite.com timed out. Try again." – seeker Mar 05 '21 at 21:52
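The answer's point, that one host can present different certificates on different ports because a different server process answers each port, is easiest to confirm by pulling the leaf certificate from each port and checking it against the configured host name the way a mail client does. The script below is an added example, not code from the answer, the question or Thunderbird. It fetches the certificate on 443 (the web server), 465 (SMTPS, where the question's error occurred) and, through STARTTLS, on 587 and 25, and reports the SANs and whether they match. `mail.mysite.com` is the question's placeholder; the two certificate dicts at the bottom are constructed test data in `getpeercert()` shape and are only an assumption about what a Let's Encrypt certificate for the two names and a hosting-provider wildcard would contain. Chain validation is left on (so `getpeercert()` is populated; it returns an empty dict when verification is off), but the host-name check is done by the script so that a mismatching certificate is shown rather than rejected.

```python
"""Added example: which certificate does each port of a mail host present,
and does it match the host name the client was configured with?
Host names are the question's placeholders; the *_CERT dicts are constructed."""
import smtplib
import socket
import ssl


def _context() -> ssl.SSLContext:
    # Keep chain validation so getpeercert() returns the parsed certificate,
    # but disable the built-in host-name check: we want to *see* a wrong
    # certificate, not fail on it.  A self-signed server cert still fails here.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def fetch_peer_cert(host: str, port: int, starttls: bool = False,
                    timeout: float = 10.0) -> dict:
    """Return the leaf certificate in ssl.SSLSocket.getpeercert() dict form.

    starttls=False: TLS from the first byte (SMTPS on 465, HTTPS on 443).
    starttls=True:  plain SMTP first, then the STARTTLS command (25, 587).
    SNI carries `host` in both cases, as a mail client would send it.
    """
    ctx = _context()
    if starttls:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
            return smtp.sock.getpeercert()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def san_dns_names(cert: dict) -> list:
    """dNSName entries of the subjectAltName extension, in certificate order."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """RFC 6125-style match against the dNSName SANs only.

    A wildcard is accepted only as the whole left-most label: *.example.com
    matches a.example.com but neither example.com nor a.b.example.com.
    The subject CN is ignored, as current clients do.  (ssl.match_hostname
    used to do this but was removed in Python 3.12, hence the re-implementation.)
    """
    host = hostname.rstrip(".").lower()
    for name in san_dns_names(cert):
        name = name.rstrip(".").lower()
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]                                   # ".example.com"
            label = host[: -len(suffix)] if host.endswith(suffix) else ""
            if label and "." not in label:
                return True
    return False


def check_port(host: str, port: int, starttls: bool = False) -> dict:
    """One report row: what the port presented, and whether it matches `host`."""
    cert = fetch_peer_cert(host, port, starttls)
    return {
        "port": port,
        "starttls": starttls,
        "issuer": dict(pair for rdn in cert.get("issuer", ()) for pair in rdn),
        "sans": san_dns_names(cert),
        "matches": hostname_matches(cert, host),
    }


# Constructed test data (assumptions, not captured from any real server):
# what a Let's Encrypt cert for the two names in the question would carry,
# and what a hosting provider's wildcard cert might carry.
LETSENCRYPT_CERT = {
    "subject": ((("commonName", "mysite.com"),),),
    "subjectAltName": (("DNS", "mysite.com"), ("DNS", "mail.mysite.com")),
}
PROVIDER_WILDCARD_CERT = {
    "subject": ((("commonName", "*.secureserver.net"),),),
    "subjectAltName": (("DNS", "*.secureserver.net"), ("DNS", "secureserver.net")),
}


if __name__ == "__main__":
    HOST = "mail.mysite.com"  # placeholder from the question
    for port, starttls in ((443, False), (465, False), (587, True), (25, True)):
        try:
            row = check_port(HOST, port, starttls)
        except (OSError, ssl.SSLError, smtplib.SMTPException) as exc:
            print(f"{port:>4}: connection failed: {exc}")
            continue
        verdict = "OK" if row["matches"] else "MISMATCH"
        print(f"{port:>4} starttls={str(starttls):5} {verdict:8} "
              f"issuer={row['issuer'].get('organizationName')} sans={row['sans']}")
```

If 443 reports the Let's Encrypt SANs while 465 reports a wildcard issued to the hosting provider, the certificate is fine on the host but the SMTPS service is not configured to use it, which is the answer's point: the fix is in the mail server's (or hosting panel's) TLS settings, not in Thunderbird. The same check from a shell is `openssl s_client -connect mail.mysite.com:465 -servername mail.mysite.com` for implicit TLS and the same command with `-starttls smtp` for 587 or 25; a port-25 connection that simply times out, as in the comment above, usually means the port is filtered rather than that the certificate is wrong.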