Certificate Domain Mismatch Error
You may receive a "domain mismatch" warning or an error when making a secure connection to the DreamHost mail servers when you use your DreamHost mail server subdomain. For example:
Why does this happen?
This happens becuase DreamHost's mail server certificate is assigned to *.mail.dreamhost.com, and not your specific domain. A connection where the specified domain is mail.example.com is still secure, but mail programs may show a warning about the domains not matching.
Here is an example when viewing the certificate for mail.websitehelp.support:
You should only turn off this warning if you have verified that you are connecting to DreamHost’s mail servers.
The following sections provide information that helps you prevent this common warning message.
Connecting directly to your DreamHost mail server
Instead of using mail.example.com, you can use the name of your specific DreamHost mail server instead.
To determine which server name to use:
- Log into your DreamHost Panel.
- On the top right, click the ‘Account Status’ link.
- Your mail cluster appears at the bottom. In this example it’s homiemail-sub4.
- View the table below to find the correct server name.
- In this example, homiemail-sub4 means you’d enter sub4.mail.dreamhost.com into your client to connect.
- Use the matching server name for the incoming server in your mail program.
|Email Cluster||Server Name|
|Note:||Some mail programs will still reject these hostnames as the asterisk (*) in the certificate's *.mail.dreamhost.com should ideally only match one level of subdomain.|
Email client solutions
There are various client-specific solutions, which most often involve simply turning off the warning about a domain mismatch.
Below are some of the more common examples.
Thunderbird prompts you to create an exception. Click the OK button in the warning dialog box and it won't bother you again until the mail server is reconfigured.
Mail.app (Mac OS X)
You must add an
/etc/hosts entry for Mail.app version 7.2 on Mac OSX 10.9.2.
- Open Mac’s terminal and open the hosts file. View the SSH wiki for instructions on how to open your terminal.
- After you open terminal, run the following.
- This command opens the host file in order to edit it:
sudo nano /private/etc/hosts.
- Find the IP by running this command on your hostname:
dig +short sub4.mail.dreamhost.com 220.127.116.11
- In the host file, enter this IP address of the server followed by the servername.
- If you are on homiemail-sub4, insert the following:
- If this still doesn't work, make sure the Trust for *.mail.dreamhost.com certificate in Keychain.app is "Always Trust."
Trusting the certificate in Mail.app
For Mail.app version 8.1 on Mac OS X 10.10.1 and above, select “always trust” for the certificate, as shown below:
See Re-Trust SSL Cert for further details.