Certificate Domain Mismatch Error
You may receive a "domain mismatch" warning or error when making a secure connection to the DreamHost mail servers (using mail.your_domain.com).
This is because DreamHost's mail server certificate (the NDN Certificate) is for the domain *.mail.dreamhost.com. A connection where the specified domain is mail.yourdomain.com will still be secure but mail programs may show a warning about the domains not matching.
In many mail programs you can examine the certificate sent from the server to your mail program, verify the information in it came from the DreamHost mail server, and choose to connect despite the domains not matching. You should only turn off this error if you trust that the server your are connecting to is the correct server.
You can try the solutions below to avoid receiving the "domain mismatch".
Connect to the mail server using the dreamhost.com server name instead of mail.your_domain.com.
Use these steps to determine what server name to use:
- In the DreamHost Control Panel, click the "Data Centers" link in the main menu.
- Look for the "Mail service" section.
- Find your cluster in the table below.
- Use the server name for the incoming server in your mail program.
|Email Cluster||Server Name|
Some mail programs will still reject the
subX domains as the asterisk (*) in the certificate's
*.mail.dreamhost.com should only match one level of subdomain. Edit your hosts file (see below) if this affects you.
Host File Modification
|The instructions provided in this article or section are considered advanced.|
You are expected to be knowledgeable in the UNIX shell.
If you know what a "hosts" file is and have access to edit the one on your computer, you can add the IP of mail.yourdomain.com to your hosts file and point mail.dreamhost.com at it. YMMV if you ever need to access anything that's actually located on mail.dreamhost.com, but I haven't run across anything yet, personally.
Check with your operating system documentation for where the hosts file is located. Some versions of Windows have it stored in C:\windows\system32\drivers\etc\hosts
An example of the line to add to the hosts file is:
Where 188.8.131.52 would be replaced with the IP address of mail.YourHostName.com. Afterwards, configure your email program to connect to mail.dreamhost.com instead of mail.YourHostName.com. (Be aware that you will not be able to connect to the 'real' mail.dreamhost.com using its hostname
There are various client-specific solutions, often involving turning off the warning about a domain mismatch.
There are solutions to other clients as well. If you have one, please list it here.
Thunderbird will prompt you to create an exception. Click OK and it won't bother you again until the mail server is reconfigured.
The Evolution e-mail client will not even attempt to communicate with mail.dreamhost.com over IMAP/TLS unless you create aforementioned entry in the /etc/hosts file so that mail.dreamhost.com points to the IP address of mail.YOURDOMAIN.com. Evolution will simply fail to negotiate a SSL connection.
Outlook Express (Windows)
- Outlook Express, and potentially other Windows clients
Mail.app (Mac OS X)
- This comment at the blog post linked above gives solution for Mail.app (Mac OS X) This solution no longer works for Mac OS X 10.5 and above.
See Re-Trust SSL Cert for detailed discussion.