Ssl – Thunderbird ‘wrong site’ error for SSL certificate in port 465

Tags: godaddy, lets-encrypt, port, ssl, thunderbird

I started to use Thunderbird. While sending emails, it gives an error saying that

Sending of the message failed.
Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
The configuration related to mail.mysite.com must be corrected.

I have a Let's Encrypt SSL certificate issued for both mysite.com and mail.mysite.com. Secure site is working on web.

In the error window, Thunderbird can verify my SSL cert when I try mail.mysite.com without port. However, it cannot find the cert for mail.mysite.com:465. It finds another cert, a Starfield cert, which is a cert my webserver uses in default.

I use GoDaddy; they recommend using mail.mysite.com with SMTP port 465 as the outgoing server for SSL. Thunderbird's default port is also 465.

Why does adding port result in different cert?
Is there a way to solve this problem?

Best Answer

The certificate is for a host, not for a port on that host. So a certificate is valid on any port on that host.

However, the host certificate is presented to the client by a server process serving a port (or some ports) on that host. So you may use the same certificate for the mail server and for the web server, but you must still configure the correct certificate in both applications.

Port 465 is the standard port for smtps (SMTP with SSL). So you should check the configuration of the server certificate on that port.

When you use mail.mysite.com without a port, the standard port for SMTP without SSL is 25. It is possible to connect to port 25 and then use STARTTLS to start encryption. If your client doesn't complain when you connect to port 25, then either your server is configured to present a different (correct) certificate on port 25 with STARTTLS, or your client doesn't use STARTTLS. Without STARTTLS, there is no encryption, and therefore no need to present or verify a certificate.
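A way to check what the answer describes, added here as an example that is not part of the original thread: it assumes the openssl command-line tool is installed and uses the question's host name and ports. cert_summary shows the certificate a server presents on a given port (STARTTLS for port 25), and san_matches performs the host-name-versus-SAN comparison that is behind Thunderbird's "does not match" error.

```shell
#!/bin/sh
# Added example, not code from the original thread. Assumes the openssl CLI
# (1.1.1+ for "-ext") and the question's host mail.mysite.com with ports 443/465/25.
set -eu

# Print subject, issuer and SAN of the certificate a server presents on one port.
# Pass "smtp" as $3 for ports that start in plaintext and upgrade with STARTTLS (25, 587).
cert_summary() {
  host=$1; port=$2; starttls=${3:-}
  extra=""
  [ -n "$starttls" ] && extra="-starttls $starttls"
  # -servername sends SNI; some servers use it to choose which certificate to present
  openssl s_client -connect "$host:$port" -servername "$host" $extra </dev/null 2>/dev/null \
    | openssl x509 -noout -subject -issuer -ext subjectAltName
}

# Does a SAN line as printed by "openssl x509 -ext subjectAltName"
# (e.g. "DNS:mysite.com, DNS:mail.mysite.com") cover the host name we connected to?
# This is the comparison that produced Thunderbird's "does not match" error.
san_matches() {
  san=$1; want=$2
  for entry in $(printf '%s' "$san" | tr ',' ' '); do
    name=${entry#DNS:}
    [ "$name" = "$entry" ] && continue   # not a DNS: entry (IP Address:, email:, ...)
    case "$name" in
      "$want") return 0 ;;
      '*.'*)
        # *.mysite.com covers mail.mysite.com, but not mysite.com or a.b.mysite.com
        suffix=${name#\*}
        rest=${want%"$suffix"}
        if [ "$rest" != "$want" ] && [ -n "$rest" ] && [ "${rest#*.}" = "$rest" ]; then
          return 0
        fi ;;
    esac
  done
  return 1
}

# Usage: sh check_mail_cert.sh mail.mysite.com
# Compare what the web server (443), the smtps listener (465) and STARTTLS on 25 present;
# if 465 shows a different issuer/SAN than 443, the mail daemon is using the wrong cert.
if [ $# -ge 1 ]; then
  host=$1
  for spec in "443" "465" "25 smtp"; do
    set -- $spec
    printf '== %s:%s %s\n' "$host" "$1" "${2:+(STARTTLS)}"
    cert_summary "$host" "$1" "${2:-}" || echo "   (no certificate obtained)"
  done
fi
```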