Certificate Domain Mismatch Error
You may receive a "domain mismatch" warning or an error when making a secure connection to the DreamHost mail servers when you use your DreamHost mail server subdomain. For example:
Why does this happen?
This happens because DreamHost's mail server certificate is assigned to *.mail.dreamhost.com, and not your specific domain. A connection where the specified domain is mail.example.com is still secure, but mail programs may show a warning about the domains not matching.
Here is an example when viewing the certificate for mail.websitehelp.support:
You should only turn off this warning if you have verified that you are connecting to DreamHost’s mail servers.
The following sections provide information that helps you prevent this common warning message.
Connecting directly to your DreamHost mail server
Instead of using mail.example.com, you can use the name of your specific DreamHost mail server.
To determine which server name to use:
- Log into your DreamHost Panel.
- Navigate to the (Panel > 'Support' > 'Data Centers') page.
- Under the 'Mail service' section you'll see your mail server to the right of any domain. In this example it’s homiemail-sub4.
- Use the matching server name in the table below for the incoming AND outgoing server in your mail program.
Email Cluster Server Name homiemail-sub3
- This example shows homiemail-sub4. So you’d enter sub4.mail.dreamhost.com into your client to connect.
|Note:||Some mail programs will still reject these hostnames as the asterisk (*) in the certificate's *.mail.dreamhost.com should ideally only match one level of subdomain.|
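Why mail.example.com triggers the warning while the direct server name does not can be shown with a small hostname matcher. This is an added example, not DreamHost's or any mail client's code. It applies a strict reading of the wildcard rule in RFC 6125 section 6.4.3 (a `*` is accepted only as the whole left-most label and covers exactly one label), and the two hostnames marked "constructed" are assumptions used for illustration.

```python
# Added example: strict wildcard hostname matching (RFC 6125 section 6.4.3 style).
# The certificate name and sub4 hostname come from the article; others are constructed.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.rstrip(".").lower().split(".")


def matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (optionally '*.'-prefixed) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False  # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # Whole left-most label is a wildcard: it matches exactly one label,
        # and at least two fixed labels must follow (so "*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are rejected here
    return p == h


def check(cert_names: list[str], hostname: str) -> str:
    """Classify the server name typed into a mail client against the cert's names."""
    return "match" if any(matches(n, hostname) for n in cert_names) else "mismatch"


# Name the article says the mail server certificate is assigned to.
CERT_NAMES = ["*.mail.dreamhost.com"]

if __name__ == "__main__":
    for host in (
        "mail.example.com",           # custom subdomain: produces the warning
        "sub4.mail.dreamhost.com",    # direct server name from the article
        "a.sub4.mail.dreamhost.com",  # constructed: two labels under the wildcard
        "mail.dreamhost.com",         # constructed: no label for the wildcard
    ):
        print(f"{host:28} {check(CERT_NAMES, host)}")
```

Real clients compare against the subjectAltName entries of the certificate they actually receive, so the list in `CERT_NAMES` stands in for those entries.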
Email client solutions
There are various client-specific solutions, which most often involve simply turning off the warning about a domain mismatch.
Below are some of the more common examples.
Thunderbird prompts you to create an exception. Click the OK button in the warning dialog box and it won't bother you again until the mail server is reconfigured.
Mail.app (Mac OS X)
You must add an /etc/hosts entry for Mail.app version 7.2 on Mac OS X 10.9.2.
- Open Mac’s terminal and open the hosts file. View the SSH article for instructions on how to open your terminal.
- After you open terminal, find the IP by running this command on your hostname. The IP address is printed on the line below the command:
dig +short sub4.mail.dreamhost.com
188.8.131.52
- Run the following to open the hosts file for editing:
sudo nano /private/etc/hosts
- In the hosts file, enter the IP address of the server followed by the server name.
- If you are on homiemail-sub4, insert the following:
- If this still doesn't work, make sure the Trust setting for the *.mail.dreamhost.com certificate in Keychain.app is "Always Trust".
Trusting the certificate in Mail.app
For Mail.app version 8.1 on Mac OS X 10.10.1 and above, select “always trust” for the certificate, as shown below:
See Re-Trust SSL Cert for further details.