UNSOLVED Outbound SSL log entry: "error=ERR_TLS_CERT_ALTNAME_INVALID"
-
I was reviewing some mail logs on my server today and found this:
2020-10-26T23:45:45.000Z [INFO] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1.1] [outbound] secured verified=false cipher=TLS_AES_256_GCM_SHA384 version=TLSv1.3 error=ERR_TLS_CERT_ALTNAME_INVALID cn=mail.<domain> organization="" issuer="Let's Encrypt" expires="Jan 23 02:21:38 2021 GMT" fingerprint=79:81:76:C6:C4:21:FC:0D:23:B7:AB:CA:A9:42:D6:AB:6D:64:F0:2BI don't recall seeing that error before. As best I can tell, everything is working though. I am raising it simply because I've made two changes recently in the past two weeks, and perhaps one of these triggered this issue? I'm curious if this is something that needs to be fixed or if it can be ignored.
The changes I made recently were:
- Changed mail subdomain from my.<domain> to mail.<domain>.
- Changed the DNS provider, resulting in new certificates being generated for the <domain>.
Any thoughts? Anything I need to do to fix this?
-
Looks like the mail domain name change caused this and the certificate is somehow wrong. Can you see if you maybe just hit https://forum.cloudron.io/topic/3186/how-to-fix-email-certificate-issue-in-5-6/2?_=1603190711357 ?
-
Do you see this many times (like for every mail being sent out?) or is just one log?
-
@girish I see it many times now that I look deeper into it. When I export the full raw logs for email, and search for "ERR_TLS_CERT_ALTNAME_INVALID", I see it finds it 393 times and that's just in just a one day period by the looks of it (26-27th).
@nebulon I will see if that fixes it, will report back soon.
-
More a note for myself... the time of this post is the time I followed and completed the instructions at https://forum.cloudron.io/topic/3186/how-to-fix-email-certificate-issue-in-5-6/2?_=1603190711357
I will watch and report back if I continue to see the error after this date/time of "Oct 27 10:54:31" in my logs.
-
