theaaronloy_

Top Menu

  • Home
  • About
  • Contact
  • Disclaimer

Main Menu

  • Rants
  • Singapore
  • World
  • Life
  • Art
  • Food
  • Travels
  • Music
  • Games
  • Astronomy
  • Tech
  • Science
  • Eco
  • Business
  • Finance
  • Bargains
  • Randomness
  • Scam Watch
  • How To
  • Home
  • About
  • Contact
  • Disclaimer

theaaronloy_

theaaronloy_

  • Rants
  • Singapore
  • World
  • Life
  • Art
  • Food
  • Travels
  • Music
  • Games
  • Astronomy
  • Tech
  • Science
  • Eco
  • Business
  • Finance
  • Bargains
  • Randomness
  • Scam Watch
  • How To
How To
Home›How To›How to (Possibly) Fix “TLS Negotiation failed, the certificate doesn’t match the host.” Gmail Error

How to (Possibly) Fix “TLS Negotiation failed, the certificate doesn’t match the host.” Gmail Error

By aaron loy
April 20, 2020
4796
0
Share:

Using Gmail to manage your emails?

Me too.

Suddenly getting the “TLS Negotiation failed, the certificate doesn’t match the host.” Error?

Same. Apparently, I’m not the only one.

After some trial and error, I seem to have fixed it. Like, really fixed it.

A. Temporary Solution

As many in the forum message suggest, it’s a encryption certification issue.

That’s why the only real suggestion in the google help thread that works so far is the one about using an Unsecured Connection on port 25. But that’s not good enough yes?

Please don’t ever use unsecured email protocols. This is a temporary solution at best, while you work out the real problem.

B. Possible *Permanent* Fix

I’m going to assume that you have control over your domain and WebHost. By now, most of you should be on some sort of SSL certificate, like the free one from Let’s Encrypt. If you haven’t upgraded your sites to use secured HTTPS instead, you should check it out.

In summary, you need to make sure that whatever mail-related subdomains you’re using (smtp.youdomain, mail.yourdomain, etc) are included in your SSL/TLS Certificates.

Some SLS/TLS control panels might have each component of the domain separated for certification.
In this case, make sure the mail related subdomains have been included. If that doesn’t work, try adding a wildcard certification.

1. Check your SSL/TLS cert control panel.

Some hosts have ‘components’ you can choose to secure. Make sure your Mail Access components like IMAP, SMTP and POP is selected. If not selected previously, select them now and reissue the cert.

2. Wildcard Certification

If that still doesn’t work (which it didn’t in my case), try adding a wildcard certification. Wildcard certs automatically certify any sub-domains, which will include mail.yourdomain and smtp.yourdomain.

2a. Cloudflare / CDNs

If you’re using Cloudflare or other CDNs, depending on how you set it up, you might need to manually create a TXT Record in your DNS settings in Cloudflare. Check for instructions from your WebHost.

3. Set Gmail Encryption Settings

Go back to Gmail, and choose your preferred secured method of email communication. Use whatever subdomain you were using previously (switching to mail.yourdomain to smtp.yourdomain, or vice versa, doesn’t fix the problem). As a reference, I used to be on Secured TLS on 25 before this problem. Using 465 SSL now. Make sure you test with 2-3 emails a few minutes apart. Sometimes when the problem isn’t fixed, the first mail would still go through, but subsequent ones wouldn’t, and you’re back to square one.

I’ve tried to be as general yet as detailed as possible because there are so many different settings, hope I haven’t confused anyone.

What Caused This Problem?

According to an expert on the google help thread, it seems like google recently started stricter reinforcement of encryption certificates. 

Just like the recent push for HTTPS, this is a step in the right direction, in my opinion. So, endure the inconvenience for now?

(Header image from Google’s Gmail ‘about’ page)

Previous Article

Yunomori Onsen & Spa (Singapore)

Next Article

How to Easily Mine Crypto on Phone

0
Shares
  • 0
  • +
  • 0
  • 0
  • 0
  • 0

Related articles More from author

  • BargainsHow ToSingaporeTech

    Digital TV Antenna Singapore (Free!)

    January 27, 2018
    By aaron loy
  • How ToInternet MarketingTech

    How To Change Font Size in WordPress / TinyMCE

    March 18, 2015
    By aaron loy
  • How ToLife

    Best Boxer Briefs to Prevent Thigh Abrasion

    February 28, 2021
    By aaron loy
  • How To

    Increase Speed, Fast Forward & Rewind in Recorded Microsoft Team Videos (Sharepoint)

    July 8, 2021
    By aaron loy
  • How ToSingaporeTech

    How to Logon to [email protected] in Windows 8.1

    February 16, 2015
    By aaron loy
  • GamesHow To

    Running Homeworld 1, 2 and Cataclysm on Windows 7 / 8 / 8.1

    May 3, 2014
    By aaron loy

  • Bargains

    iHerb Discount for Existing Customers

  • Singapore

    Faith in Singaporeans Lost.

  • MusicRandomnessWorld

    Abe Lincoln pwns Mitt and Obama

Cheap Supplements Online Store Singapore!
Cheap Supplements Online Store Singapore!
YouTube subscribe button by Skipser
Sudio Vasa Bla Unboxing, Colour Preview (Review Link Inside)
Windows 10 Upgrade Fail - KCCI meteorologist gets upgrade surprise on live TV
Asus RT-AC88U Unboxing
By PoseLab
Visit Youtube Channel



Support the World Wildlife Fund

Disclaimer

This Site is User Supported: theAARONLOY// is reader-supported. When you buy through links on our site we may earn an affiliate commission.

Affiliate Links: Assume all outgoing links are affiliate links. Your price remains unchanged (you get better prices sometimes!), yet you'll be able to support the site. Also, this allows us to monetize the site without resorting to conflicting sponsorships.

Non-Sponsored Reviews: Assume all reviews/articles are not sponsored unless noted. Example: Most of my restaurant reviews are made unannounced, with food paid for by yours truly. I don't believe in PAP-style inspections and Gushcloud-ish BS.

Full disclaimer here.