DH Let's Encrypt SSL email certificate invalid?

vps

#1

Hello,

When I try to send an email from my domain (VPS) through SMTP, PHPMailer (in this case, but it can be any script) shows me the following error:

CLIENT -> SERVER: EHLO www.site.com
CLIENT -> SERVER: STARTTLS
SERVER -> CLIENT: 220 2.0.0 Ready to start TLS

Warning: stream_socket_enable_crypto(): Unable to locate peer certificate CN in /home/user/site.com/phpmailer/class.smtp.php on line 369
SMTP Error: Could not connect to SMTP host.
CLIENT -> SERVER: QUIT
SERVER -> CLIENT:
SMTP ERROR: QUIT command failed:
SMTP connect() failed.

//////

My PHPMailer has the following:

$mail->IsSMTP(); // Use SMTP
$mail->Host = "sub3.mail.dreamhost.com";
$mail->Port = 587;
$mail->SMTPAuth = true;
$mail->SMTPSecure = "tls"; // Secure connection

But still fails.

Apparently DreamHost Let’s Encrypt certificates don’t work with PHP 5.6 or something is going rotten with the VPS setup + Let’s Encrypt to send emails through SMTP.

I can avoid using SSL to send emails through SMTP, but they end up in the SPAM folder and appear as non certificated on gmail and outlook.

Please advise what I should do. I’ve tried everything.

I’m writing this here because I tried support several times but they just kick the ball around and offer no help (funny how I came to DreamHost because I used to say the same about other hosts and now… well… I guess it was a matter of time).


#2

Bump!


#3

I am not sure this is related, but recently the SSL certificates for the DreamHost mail servers have changed:
https://www.dreamhoststatus.com/pages/incident/575f0f606826303142000510/588156051cbcb48151001209

If that’s not related, try the configuration suggested in this answer to prevent PHP 5.6 from strictly checking the certificate:

One last thing that comes to my mind is that maybe you’re not passing the correct CA or the VPS has something borked. Try checking things outside of php first with

the output should look something like this http://paste.openstack.org/show/596114/

I’m not sure why you bring up Let’s Encrypt though, as it shouldn’t come into play…


#4

Thanks for your answer! I thought of Let’s Encrypt because I figured it had something to do with it, but it appears it has nothing to do with it.

 Verify return code: 19 (self signed certificate in certificate chain)

This is the only different thing from the openssl s_client check I tried, as per your suggestion. The problem with configuring DreamHost to avoid checking the SSL certificates from the SMTP is that they never mentioned this when I subscribed to the VPS server. On the page it doesn’t say: “oh, and the SMTP can’t be used from your domain because our certificates are fuzzy, so the configuration we run with normally doesn’t allow you to send emails through SMTP”.

It should be OK by default. They keep moving my support message from support guy to support guy and they never check my email server certificates, they never check why they aren’t picking up from my domain.
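
Added example, not part of the thread and not DreamHost's or PHPMailer's code: a small Python triage of saved `openssl s_client` output, showing how a result like "Verify return code: 19" relates to the certificate chain the server presented. The sample text is constructed, the `diagnose` helper and its field names are hypothetical, and the output is assumed to come from a run such as `openssl s_client -starttls smtp`.

```python
import re

# Constructed sample in the layout `openssl s_client` prints; not from a real server.
SAMPLE = """\
Certificate chain
 0 s:/CN=*.mail.example.test
   i:/O=Example CA/CN=Example Intermediate
 1 s:/O=Example CA/CN=Example Intermediate
   i:/O=Example CA/CN=Example Root
 2 s:/O=Example CA/CN=Example Root
   i:/O=Example CA/CN=Example Root
---
    Verify return code: 19 (self signed certificate in certificate chain)
"""

# OpenSSL verify codes meaning the client could not anchor the chain in its trust store.
TRUST_CODES = {18, 19, 20, 21}

def parse_chain(text):
    """Return [(depth, subject, issuer)] from the 'Certificate chain' section."""
    chain, depth, subject = [], None, None
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+s:\s*(.+)$", line)
        if m:
            depth, subject = int(m.group(1)), m.group(2).strip()
            continue
        m = re.match(r"\s+i:\s*(.+)$", line)
        if m and subject is not None:
            chain.append((depth, subject, m.group(1).strip()))
            subject = None
    return chain

def verify_result(text):
    """Return (code, reason) from the 'Verify return code' line, or (None, None)."""
    m = re.search(r"Verify return code:\s*(\d+)\s*\((.*?)\)", text)
    return (int(m.group(1)), m.group(2)) if m else (None, None)

def diagnose(text):
    """Summarise the chain and classify the verify result."""
    chain = parse_chain(text)
    code, reason = verify_result(text)
    if code is None:
        verdict = "no verify result found"
    elif code == 0:
        verdict = "chain verified"
    elif code in TRUST_CODES:
        verdict = "chain not anchored in the local trust store"
    else:
        verdict = "verification failed"
    return {"code": code, "reason": reason, "depth": len(chain),
            "self_signed_at": [d for d, s, i in chain if s == i], "verdict": verdict}
```

A trust-store verdict points at the CA bundle the client uses or the chain the server sends, so either can be corrected while peer verification stays enabled.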


#5

I have the same problem with PHPMailer, but this is with a configuration that was working until 2-3 days ago. I think it has something to do with the “updated secure certificates across all of our mail clusters” message we get in the cPanel.

I sent a support request regarding this, will keep you posted.


#6

Hello folks, I have checked right now with the security team and the issue should have been solved. A certificate package was not being served correctly to some machines. The error has been corrected and measures put in place to avoid its recurrence. Sorry for the trouble.