SOLVED: TLS Negotiation failed, the certificate doesn't match the host., code: 0

Questions and discussion about web design, search engine optimisation and hosting
Santeri
Posts: 287
Joined: 2017-7-5 09:58

Unread post by Santeri » 2020-4-28 18:09

EwanRobb wrote:
2020-4-28 17:31
DadsonFire.club. On GoDaddy, has worked fine for years and stopped today! Godaddy don't have a clue about it.

mail.dadsonfire.club
Port 587 TLS
OK, you are hosted on GoDaddy. Did you follow my instructions and logged into cPanel? That way you can find the host name that will work on gmail. Also, you gmail setting are no longer functional. You need to use
SMTP server: check host name from your cPanel
Port: 465
SSL
The problem is in gmail. They changed the way they check SSL certificates, And GoDaddy does not have a functional SSL certificate for the reverse DNS names of their shared hosting servers. You reverse DNS host name is ip-160-153-129-24.ip.secureserver.net and it does not have a valid SSL certificate. Here is the full explanation.



EwanRobb

Unread post by EwanRobb » 2020-4-28 18:19

Yes, i did all that too mate. Followed the instructions excitedly with no joy.

Santeri
Posts: 287
Joined: 2017-7-5 09:58

Unread post by Santeri » 2020-4-28 18:20

EwanRobb wrote:
2020-4-28 18:19
Yes, i did all that too mate. Followed the instructions excitedly with no joy.
Hmm, strange. What host name are you seeing in your cPanel, the web address in your web browser? What is the whole URL?

EwanRobb

Unread post by EwanRobb » 2020-4-28 18:32

https://n3plcpnl0046.prod.ams3.securese ... 4814928359

I should've said, when i followed your steps i get - Authentication failed. Please check your username/password.
Server returned error: "535 Incorrect authentication data , code: 535"

Santeri
Posts: 287
Joined: 2017-7-5 09:58

Unread post by Santeri » 2020-4-28 18:44

EwanRobb wrote:
2020-4-28 18:32
https://n3plcpnl0046.prod.ams3.securese ... 4814928359

I should've said, when i followed your steps i get - Authentication failed. Please check your username/password.
Server returned error: "535 Incorrect authentication data , code: 535"
Try these:
  • SMTP server: n3plcpnl0046.prod.ams3.secureserver.net
  • Login: Your email address, for example contact@webseodesigners.com
  • Password: Use the email account’s password, the same you use when you check your email using GoDaddy webmail.
  • Port: 465
  • Select Secured connection using SSL
If that will not work, please make sure you are using cPanel email, not workspace or office 365 etc.

EwanRobb

Unread post by EwanRobb » 2020-4-28 19:08

535 error again. It's nly cpanel i use.

Santeri
Posts: 287
Joined: 2017-7-5 09:58

Unread post by Santeri » 2020-4-28 19:37

EwanRobb wrote:
2020-4-28 19:08
535 error again. It's nly cpanel i use.
Then the problem has to be in your cPanel settings, login or password, if the SMTP server name is the one I gave you.

EwanRobb

Unread post by EwanRobb » 2020-4-28 20:39

ok, nailed it!

I had to use the cpanel login credentials and not the actual email address ewan@dadsonfire.club

Thanks very much for all the help, much appreciated

RIACSA

Unread post by RIACSA » 2020-5-3 03:27

thanks brother excellent work, errs un alma generosa.

DigitalD

Unread post by DigitalD » 2020-5-4 18:31

Good effort. Works a treat

jasveerrana

Unread post by jasveerrana » 2020-5-8 10:48

Thank you so much Santeri.

dimitris.vamvakas

Unread post by dimitris.vamvakas » 2020-5-16 13:30

Hi Santeri! This post looks like it's the only one containing any information on the matter in general.
I have tried your solution, using linuxzone129.grserver.gr as my SMTP Server and SSL and 425 port.
Although all works out, I even get a confirmation mail from Google, when I try to send an email , when pushing the send button it is inactive, nothing happens. :o
Am a bit stuck now! :)
Dimitris

Santeri
Posts: 287
Joined: 2017-7-5 09:58

Unread post by Santeri » 2020-5-16 20:35

dimitris.vamvakas wrote:
2020-5-16 13:30
Although all works out, I even get a confirmation mail from Google, when I try to send an email , when pushing the send button it is inactive, nothing happens. :o
Hmm. That is really weird, it has never happened to me. Have you tried disabling your browser add-ons? Does it happen with other web browsers? Can you send email normally when the sender is your gmail address?

If you send me a screenshot, I could take a look at it if I have any other ideas.

Cheers,

Santeri

GameEver

Unread post by GameEver » 2020-5-21 22:00

Santeri! You are my saviour!

I configured the "real" name of my server (p3plcpnl0867.prod.phx3.secureserver.net) in the SMTP Server box and i can finally send emails!

The problem i have now is that emails that i send arrive with a Question Mark to other gmails and if you put the mouse over the image is says "Gmail couldn't verify that mydomain.com actually sent this message (and not a spammer)".

So i checked my email with this tool: https://www.checktls.com/TestReceiver
And everything returns 100% excepting "Cert", and the error i get is:

Code: Select all

Cert Hostname DOES NOT VERIFY (mail.gameeverstudio.com != *.prod.phx3.secureserver.net | DNS:*.prod.phx3.secureserver.net | DNS:prod.phx3.secureserver.net)
(see RFC-2818 section 3.1 paragraph 4 for info on wildcard ("*") matching)
So email is encrypted but the host is not verified
I already spent about 3 hours yesterday and 4 hours today chatting with GoDaddy Support and it is so useless it hurts. And i don't really understand much about all this. Do you know what this could be?

GameEver

Unread post by GameEver » 2020-5-21 22:02

dimitris.vamvakas wrote:
2020-5-16 13:30
Hi Santeri! This post looks like it's the only one containing any information on the matter in general.
I have tried your solution, using linuxzone129.grserver.gr as my SMTP Server and SSL and 425 port.
Although all works out, I even get a confirmation mail from Google, when I try to send an email , when pushing the send button it is inactive, nothing happens. :o
Am a bit stuck now! :)
Dimitris
I experienced the same thing, you just have to Refresh your Gmail tab.

Santeri
Posts: 287
Joined: 2017-7-5 09:58

Unread post by Santeri » 2020-5-21 23:50

GameEver wrote:
2020-5-21 22:00
The problem i have now is that emails that i send arrive with a Question Mark to other gmails and if you put the mouse over the image is says "Gmail couldn't verify that mydomain.com actually sent this message (and not a spammer)".

I already spent about 3 hours yesterday and 4 hours today chatting with GoDaddy Support and it is so useless it hurts. And i don't really understand much about all this. Do you know what this could be?
In Poople Gmail click the message with question mark open, then click from the message menu "Show original":
Image That will tell you what is wrong. The most common reason is missing or wrong SPF record in your DNS.

If you are using GoDaddy CPanel email with Gmail, your DNS should have these entries:

Code: Select all

@	604800	 IN 	TXT	"v=spf1 a mx ptr include:secureserver.net ~all"
mail	604800	 IN 	TXT	"v=spf1 a mx ptr include:secureserver.net ~all"
GoDaddy does not support DKIM or DMARC so those 2 will always fail. If you want them to work, too, to reduce the risk of your emails ending up to spam folders, you can try https://sendgrid.com/. It is free if you send no more than 100 emails per day.

GameEver

Unread post by GameEver » 2020-5-22 01:50

Wow thanks for answering so fast!

I checked "Show Original". This is what i got:
SPF: SOFTFAIL with IP 184.168.200.142 Learn more
DKIM: 'FAIL' with domain gameeverstudio.com Learn more

According to what you said DKIM will always fail so i will see if i can solve the SPF.

I just did what you told me. I put "1 hour" in time, don't know if it is correct. I guess i have to wait 12 hours for this to propagate or something like that, right?
Image

That sendgrid you mentioned looks nice, i never send more than 100 emails in a day, ever. I will take a look at it.

iKooza

Unread post by iKooza » 2020-5-31 02:00

I also had the same issue but I wasn't with GoDaddy.

I fixed this error by resolving the SSL certificate on the server for mail.yourdomain.com
Under "Manage SSL Hosts" in WHM, I realized that the SSL was red for the mail subdomain.
I disabled SSL for this domain and re-enabled this from WHM and forced to generate new keys. Once the mail subdomain was given a self-signed SSL certificate, the is got resolved instantly on Gmail.

Hope this helps - I spend a couple of hours figuring this out.

jungliboys

Unread post by jungliboys » 2020-6-7 06:28

thanks brother its very helpful for me but after this removing problem .i am also facing for webmail verification massage not receive in my webmail. :( please brother help me for that

Santeri
Posts: 287
Joined: 2017-7-5 09:58

Unread post by Santeri » 2020-6-7 11:43

jungliboys wrote:
2020-6-7 06:28
i am also facing for webmail verification massage not receive in my webmail.
Do you mean that gmail verification email does not come to your webmail? If you have your email already imported by gmail, then gmail will automatically lose those emails. You need to switch off "Check email from other accounts" until you have verified your email address(es).

Post Reply