Email Hostname Certificate Mismatch Causing sidekiq Queue Overload, Severe Site Instability

When I connect to that host and test the STARTTLS I get a certificate that does not match the hostname:

Certificate chain
 0 s:/C=US/ST=California/L=Sunnyvale/O=Proofpoint, Inc./OU=ESP/CN=*.pphosted.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=Thawte RSA CA 2018
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=Thawte RSA CA 2018
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA

and it has not expired yet:

notBefore=Jun 12 00:00:00 2020 GMT
notAfter=Sep 14 12:00:00 2022 GMT

Doing a forward and reverse lookup shows that the mail servers are actually called mx0a-00007101.pphosted.com and mx0b-00007101.pphosted.com:

outbound-relays.techservices.illinois.edu. 22 IN A 148.163.139.28
outbound-relays.techservices.illinois.edu. 22 IN A 148.163.135.28

28.139.163.148.in-addr.arpa name = mx0b-00007101.pphosted.com.
28.135.163.148.in-addr.arpa name = mx0a-00007101.pphosted.com.

Try to change the hostname you connect to to one of those instead of the .edu name. It does not need to be a change to the certificate, it might have been a change to the hostname or to the code. But the error is correct: there is indeed a hostname certificate mismatch.

4 Likes
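The mismatch described in the post above can be reproduced offline. This is an added example, not part of the original post: it runs Ruby's `OpenSSL::SSL.verify_certificate_identity` against a self-signed certificate constructed here to carry the same `*.pphosted.com` name, and the SAN entry is an assumption, since the post shows only the subject CN.

```ruby
require "openssl"

# Build a throwaway self-signed certificate (constructed for this example,
# not the real Proofpoint certificate) carrying the given DNS pattern.
def constructed_cert(pattern)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{pattern}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  # Assumption: the SAN mirrors the CN shown in the post.
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{pattern}", false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Run the hostname-vs-certificate identity check for each candidate name.
def identity_check(cert, hostnames)
  hostnames.to_h { |h| [h, OpenSSL::SSL.verify_certificate_identity(cert, h)] }
end

CERT = constructed_cert("*.pphosted.com")

# Hostnames taken from the lookups in the post.
HOSTS = [
  "outbound-relays.techservices.illinois.edu", # name the client connects to
  "mx0a-00007101.pphosted.com",                # reverse-lookup names
  "mx0b-00007101.pphosted.com"
].freeze

RESULTS = identity_check(CERT, HOSTS)
RESULTS.each do |host, ok|
  puts format("%-45s %s", host, ok ? "match" : "MISMATCH")
end
```

The check compares the name the client asked for, not the server's reverse-DNS name, which is why the `.edu` alias fails while both `pphosted.com` names pass.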