stream_socket_enable_crypto(): Peer certificate CN=`cs723.mojohost.com' did not match expected CN=`smtp.sendgrid.net'

Asked 9/1, 2017 at 17:57 Answered 5/8 at 12:19

We are attempting to send an autoresponder email to new members. We're using the same configuration on other sites on the same server with no issue. Upon sending the email the following error is returned:

stream_socket_enable_crypto(): Peer certificate CN=cs723.mojohost.com did not match expected CN=smtp.sendgrid.net

https://gyazo.com/ffb0cb7645d51ed21ecc863f1e3196b2

We're using Laravel with connecting to: smtp.sendgrid.net port - 587 encription using TLS

We have tried the following with no success:

port options 25 & 2525 (returns a different error https://gyazo.com/3d42107c6aa66acc2fbe582b3a6a352e)
reconfigured Laravel to send AUTH command before MAIL FROM command (returns same different error 250)

Additionally we are unable to connect via PUTTY. We verified the SSH permissions are correct with MojoHost.

I've read in a different post that

The correct fix for this is to replace the invalid, misconfigured or self-signed certificate with a good one.

Attempted that with no success either. Hoping someone can provide some helpful insight. Going on a week now of trying to solve this....

Thanks, Mike

Maxima answered 9/1, 2017 at 17:57 Comment(0)

Disable "SMTP Restrictions" from WHM.

For context, If you don't use WHM/Cpanel for your server management this is would not be applicable to you. If you do, in WHM on the left navigation menu, just type "SMTP" and you'll see SMTP Restrictions as the top choice on results. Click on it and there is a disable/enable toggle button.

Clap answered 1/10, 2020 at 17:55 Comment(4)

Can you add a bit more context to your answer? – Denitrify 1/10, 2020 at 20:56

Thanks this worked! @Denitrify For context, If you don't use WHM/Cpanel for your server management this is would not be applicable to you. If you do, in WHM on the left navigation menu, just type "SMTP" and you'll see SMTP Restrictions as the top choice on results. Click on it and there is a disable/enable toggle button. – Pillory 26/4, 2021 at 19:16

@MichaelFalciglia thanks, added that to the answer so others can get to it more easily. – Denitrify 27/4, 2021 at 7:59

Thank you , it perfectly works for me after 3 days of wong attempts – Biscuit 4/9 at 13:47

In the method createSmtpDriver from

\vendor\laravel\framework\src\Illuminate\Mail\TransportManager.php

it fetches the key stream from

\config\mail.php

that is later used as custom options for the stream_context_create method inside

\vendor\swiftmailer\swiftmailer\lib\classes\Swift\Transport\StreamBuffer.php.

So to set the keys verify_peer, verify_peer_name, and allow_self_signed to solve the error mentioned by the OP you can add the following to the \config\mail.php:

'stream' => [
    'ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true,
    ],
],

Lovmilla answered 26/7, 2017 at 1:11 Comment(1)

This is a bad practice. – Hearts 13/3, 2018 at 0:27

A lot of people upgrading to PHP 5.6+ are running into the following error:

ErrorException: Email to [email address] failed: stream_socket_enable_crypto(): Peer certificate CN=[hostname]' did not match expected CN=[target hostname]' - library/Zend/Mail/Protocol/Smtp.php:206

As of PHP 5.6 peer verification is enabled by default (http://php.net/manual/en/migration56.openssl.php).

If you are running WHM or Plesk, I found the issue could be resolved as follows:

WHM: Change the “Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)” from “On” to “Off”.

Plesk: Create a new subscription with the URL set as the server host address, then assign it a SSL cert via the lets encrypt plugin.

Aviv answered 13/7, 2020 at 17:12 Comment(0)

for laravel add this line in .env file to unset mail encryption

MAIL_ENCRYPTION = NULL

Dennet answered 7/6, 2021 at 12:6 Comment(1)

If I'm not wrong, then this way, the emails won't get encrypted and someone might intercept the emails to get all the information that's in there. – Homologous 19/9, 2022 at 19:57

Change

MAIL_DRIVER=smtp

MAIL_DRIVER=mail

, or

MAIL_DRIVER = sendmail

Nicker answered 18/3, 2022 at 11:2 Comment(2)

or MAIL_DRIVER = sendmail – Nicker 18/3, 2022 at 11:3

In your config/mail.php configuration file, check the default option to see what the actual environment key is. In mine (Laravel 9+) it's "MAIL_MAILER". – Joyance 15/6, 2023 at 18:36

Try unsetting encryption by removing 'tls' in \config/mail.php if you are using Non-SSL Settings

'encryption' => env('MAIL_ENCRYPTION', ''),

Garzon answered 16/2, 2017 at 5:29 Comment(1)

We tried that already with no success. We have since moved away from SendGrid. – Maxima 20/2, 2017 at 17:7

for who use mail hosting at cpanel, you can use my solution. I have tried and it works with out changing anything in config\mail.php as stated by Chaibi Alaa answer.

So my apps architecture is from VM instance at GCP -> CloudFlare -> Mail Hosting (CPANEL Based). the problems comes with the certification

CN=`*.abc' did not match expected CN=`mail.def.com'

so instead of changing vendor code, i tried to bypassing the cloudflare. so I'm pointing out directly to the mail hosting DNS.

here is example of my configuration

MAIL_DRIVER=smtp
MAIL_HOST=mailhosting.com
MAIL_PORT=465
MAIL_USERNAME="[email protected]"
MAIL_PASSWORD="password"
MAIL_ENCRYPTION=ssl

In my case it works, hopefully it would help someone else which facing same issue. Please take a notes, I always trying to avoid workaround solution (by changing vendor code -> could be harmfull, do it with your own risk unless you know what you do)

you can find your MAIL_HOST in the Mail Client Manual Settings if you use Roundcube

Gumwood answered 16/11, 2021 at 12:55 Comment(0)

 'mailers' => [
        'smtp' => [
            'transport' => 'smtp',
            'host' => env('MAIL_HOST', 'smtp.mailgun.org'),
            'port' => env('MAIL_PORT', 587),
            'encryption' => env('MAIL_ENCRYPTION', 'tls'),
            'username' => env('MAIL_USERNAME'),
            'password' => env('MAIL_PASSWORD'),
            'timeout' => null,
            'auth_mode' => null,
            'stream'     => [
                'ssl' => [
                    'allow_self_signed' => true,
                    'verify_peer'       => false,   // <-------------- this is the important part 
                    'verify_peer_name'  => false,
                ],
            ],
        ],
        
        'ses' => [
            'transport' => 'ses',
        ],

        'mailgun' => [
            'transport' => 'mailgun',
        ],

        'postmark' => [
            'transport' => 'postmark',
        ],

        'sendmail' => [
            'transport' => 'sendmail',
            'path' => '/usr/sbin/sendmail -bs',
        ],

        'log' => [
            'transport' => 'log',
            'channel' => env('MAIL_LOG_CHANNEL'),
        ],

        'array' => [
            'transport' => 'array',
        ],
    ],

Oversupply answered 11/12, 2022 at 19:34 Comment(0)

Make sure your outgoing SMTP is allowed to non root, exim, and mailman as well

Into WHM you can do via > Into sidebar type "Tweak Settings" > Click "Mail" Tab > Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak) [?] > set off

Impolicy answered 5/8 at 12:19 Comment(0)

Recommended topics

Hot tags