Certificate Domain Mismatch Error

From DreamHost

Overview

You may receive a "domain mismatch" warning or an error when making a secure connection to the DreamHost mail servers when you use your DreamHost mail server subdomain. For example:

mail.example.com

Why does this happen?

This happens because DreamHost's mail server certificate is assigned to *.mail.dreamhost.com, and not your specific domain. A connection where the specified domain is mail.example.com is still secure, but mail programs may show a warning about the domains not matching.

Here is an example when viewing the certificate for mail.websitehelp.support:

[Screenshot: domain mismatch warning]

You should only turn off this warning if you have verified that you are connecting to DreamHost’s mail servers.

The following sections provide information that helps you prevent this common warning message.

Connecting directly to your DreamHost mail server

Instead of using mail.example.com, you can use the name of your specific DreamHost mail server.

To determine which server name to use:

  1. Log in to your DreamHost Panel.
  2. On the top right, click the ‘Account Status’ link.
    The following drop down appears:
    [Screenshot: Account Status drop-down in the control panel]
    • Your mail cluster appears at the bottom. In this example it’s homiemail-sub4.
  3. View the table below to find the correct server name.
    • In this example, homiemail-sub4 means you’d enter sub4.mail.dreamhost.com into your client to connect.
  4. Use the matching server name for the incoming server in your mail program.

Email Cluster       Server Name
homiemail-sub3      sub3.mail.dreamhost.com
homiemail-sub4      sub4.mail.dreamhost.com
homiemail-sub5      sub5.mail.dreamhost.com
homiemail-master    homie.mail.dreamhost.com

Note: Some mail programs will still reject these hostnames, as the asterisk (*) in the certificate's *.mail.dreamhost.com should only match one level of subdomain.
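
The name check a mail client performs against *.mail.dreamhost.com, plus a way to confirm that mail.example.com really is answered by a DreamHost mail server before you dismiss the warning. This is an added example, not DreamHost's own code; the function names and the use of port 993 (IMAP over TLS) are assumptions.

```python
import socket
import ssl


def wildcard_match(cert_name: str, hostname: str) -> bool:
    """Compare a certificate name with a hostname the way TLS clients do:
    '*' may only be the whole left-most label and stands for exactly one label."""
    c_labels = cert_name.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # Different label counts can never match; empty labels are malformed names.
    if len(c_labels) != len(h_labels) or "" in h_labels:
        return False
    if c_labels[0] == "*":
        return c_labels[1:] == h_labels[1:]
    return c_labels == h_labels


def verify_served_by(connect_host: str, expected_name: str, port: int = 993) -> bool:
    """Open a TLS connection to connect_host (e.g. mail.example.com) but validate
    the certificate chain and name against expected_name (e.g. the cluster's
    sub4.mail.dreamhost.com). True means the server behind your own subdomain
    holds a CA-trusted certificate for the DreamHost name."""
    ctx = ssl.create_default_context()  # chain and hostname checks stay enabled
    try:
        with socket.create_connection((connect_host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=expected_name):
                return True
    except (ssl.SSLError, OSError):
        return False


if __name__ == "__main__":
    cert = "*.mail.dreamhost.com"
    # Hostnames taken from this page; the last one is constructed to show
    # that the wildcard does not span two labels.
    for host in ("mail.example.com", "sub4.mail.dreamhost.com",
                 "homie.mail.dreamhost.com", "a.sub4.mail.dreamhost.com"):
        print(f"{host:28} {'match' if wildcard_match(cert, host) else 'MISMATCH'}")
    # Requires network access; uses the placeholder domain from this page.
    print("served by DreamHost cert:",
          verify_served_by("mail.example.com", "sub4.mail.dreamhost.com"))
```

Replace mail.example.com and sub4.mail.dreamhost.com with your own mail subdomain and the server name from the table above before running the live check.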


Email client solutions

There are various client-specific solutions, which most often involve simply turning off the warning about a domain mismatch.

Below are some of the more common examples.

Thunderbird

Thunderbird prompts you to create an exception. Click the OK button in the warning dialog box and it won't bother you again until the mail server is reconfigured.

Mail.app (Mac OS X)

You must add an /etc/hosts entry for Mail.app version 7.2 on Mac OS X 10.9.2.

To add:

  1. Open Mac’s terminal and open the hosts file. View the SSH wiki for instructions on how to open your terminal.
  2. After you open terminal, run the following.
    This command opens the hosts file in order to edit it:
    sudo nano /private/etc/hosts
  3. Find the IP by running this command on your hostname:
    dig +short sub4.mail.dreamhost.com
    
    69.163.253.135
    
  4. In the hosts file, enter the IP address of the server followed by the server name.
    If you are on homiemail-sub4, insert the following:
    69.163.253.135 sub4.mail.dreamhost.com
    
    • If this still doesn't work, make sure the Trust for *.mail.dreamhost.com certificate in Keychain.app is "Always Trust."
Notes:
  • If you make changes to your system, DreamHost support cannot provide assistance for any errors that may occur as you are responsible for any changes that you make.
  • The IP assigned to your cluster can change, which will prevent you from connecting. Please only make this change as a last resort or as a temporary solution.


Trusting the certificate in Mail.app

For Mail.app version 8.1 on Mac OS X 10.10.1 and above, select “always trust” for the certificate, as shown below:

[Screenshot: "Always Trust" certificate setting in Mail.app]

See Re-Trust SSL Cert for further details.