Hostname does not match server certificate


#1

Guys,

I’ve tried all you have previously suggested but definitely I cannot succeed with that. Log says that the hostname does not match the server certificate. Any bit of help?

Thanks for your time, it’s bit frustrating.

Cheers!


Troubleshooting email on a new Discourse install
(Matt Palmer) #2

Fix the server certificate so it matches the hostname. Without knowing which certificate, and which hostname, and how all this came to be, it’s a bit hard to be more helpful than that.


#3

Thanks Matt (@mpalmer)

The complete message from the log is that one:

Sent mail to info@blockchainers.cat (329.6ms)
Job exception: hostname "smtp.blockchainers.cat" does not match the server certificate

And the app.yml file contains as bellow:

## TODO: The domain name this Discourse instance will respond to
DISCOURSE_HOSTNAME: discourse.blockchainers.cat

## Uncomment if you want the container to be started with the same
## hostname (-h option) as specified above (default "$hostname-$config")
#DOCKER_USE_HOSTNAME: true

## TODO: List of comma delimited emails that will be made admin and developer
## on initial signup example 'user1@example.com,user2@example.com'
DISCOURSE_DEVELOPER_EMAILS: 'info@blockchainers.cat'

## TODO: The SMTP mail server used to validate new accounts and send notifications
DISCOURSE_SMTP_ADDRESS: smtp.blockchainers.cat
DISCOURSE_SMTP_PORT: 578
DISCOURSE_SMTP_USER_NAME: info@blockchainers.cat
DISCOURSE_SMTP_PASSWORD: password-here
#DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)

## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
#LETSENCRYPT_ACCOUNT_EMAIL: me@example.com

## The CDN address for this Discourse instance (configured to pull)
## see https://meta.discourse.org/t/14857 for details
#DISCOURSE_CDN_URL: //discourse-cdn.example.com

I’ve already tried with port 25, 578 and 587. Also modified SiteSetting.notification_email with rails command. No succeed.

Telnet seems to repond well:

root@BLOCKCHAINERS:/var/discourse# telnet smtp.blockchainers.cat 578
Trying 46.16.61.50...
Connected to smtp.blockchainers.cat.
Escape character is '^]'.
220 fnsib-smtp07.srv.cat ESMTP
^]

telnet> 

Appart from that, my domain nameserver (CDMON) says that my A register should pint to digitalocean virtual server IP, but my NS should be left empty. It’s a bit confusing to me since Droplet Networking section in digital ocean says I should edit both A and NS registers (please find screenshot attached). . Am I misunderstanding that?

So, I’m running out of ideas to sort it out. Do you have any clue on what is happening or if I’m doing some error with app.yml configuration? By now I can enter the domain and start with Discourse wizard, but no welcome email is entering to my mailbox.

Thanks for all.

Cheers.


(Eli the Bearded) #5

That resolves to a single IP address for me (46.16.61.50) and the server there has a certificate for srv.cat and *.srv.cat, not for anything blockchainers. That’s why you are getting the error. On SMTP connection, the banner identifies the machine as fnsib-smtp07.srv.cat, but DNS lookups of that name don’t return that IP address (although it does return six others near by).

(BTW, I checked the cert with Mailserver encryption test (STARTTLS, TLS and PFS) · SSL-Tools in case other people want to test their servers.)

I think you need to get the *.srv.cat name for that mail server.


#6

Thanks @elijah

How can solve that then? My domain nameserver provider says I should not change NS registars, just the A registar. Is that related with your suggestion?

What if I uncomment this line? Should that solve the problem?

## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
#LETSENCRYPT_ACCOUNT_EMAIL: me@example.com

Cheers.


(Eli the Bearded) #7

You should ask whoever you can what DNS name to use for the mail server so that it will agree with the name in the certificate. It’s not your DNS that is at fault, it is the DNS of the mail server.