stream_socket_enable_crypto(): Peer certificate CN=`cs723.mojohost.com' did not match expected CN=`smtp.sendgrid.net'

Question

We are attempting to send an autoresponder email to new members. We're using the same configuration on other sites on the same server with no issue. Upon sending the email the following error is returned:

stream_socket_enable_crypto(): Peer certificate CN=cs723.mojohost.com did not match expected CN=smtp.sendgrid.net

https://gyazo.com/ffb0cb7645d51ed21ecc863f1e3196b2

We're using Laravel with connecting to: smtp.sendgrid.net port - 587 encription using TLS

We have tried the following with no success:

• port options 25 & 2525 (returns a different error https://gyazo.com/3d42107c6aa66acc2fbe582b3a6a352e)
• reconfigured Laravel to send AUTH command before MAIL FROM command (returns same different error 250)

Additionally we are unable to connect via PUTTY. We verified the SSH permissions are correct with MojoHost.

I've read in a different post that

The correct fix for this is to replace the invalid, misconfigured or self-signed certificate with a good one.

Attempted that with no success either. Hoping someone can provide some helpful insight. Going on a week now of trying to solve this....

Thanks, Mike

Answer 1

Make sure your outgoing SMTP is allowed to non root, exim, and mailman as well

Into WHM you can do via > Into sidebar type "Tweak Settings" > Click "Mail" Tab > Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak) [?] > set off

Answer 2

 'mailers' => [
        'smtp' => [
            'transport' => 'smtp',
            'host' => env('MAIL_HOST', 'smtp.mailgun.org'),
            'port' => env('MAIL_PORT', 587),
            'encryption' => env('MAIL_ENCRYPTION', 'tls'),
            'username' => env('MAIL_USERNAME'),
            'password' => env('MAIL_PASSWORD'),
            'timeout' => null,
            'auth_mode' => null,
            'stream'     => [
                'ssl' => [
                    'allow_self_signed' => true,
                    'verify_peer'       => false,   // <-------------- this is the important part 
                    'verify_peer_name'  => false,
                ],
            ],
        ],
        
        'ses' => [
            'transport' => 'ses',
        ],

        'mailgun' => [
            'transport' => 'mailgun',
        ],

        'postmark' => [
            'transport' => 'postmark',
        ],

        'sendmail' => [
            'transport' => 'sendmail',
            'path' => '/usr/sbin/sendmail -bs',
        ],

        'log' => [
            'transport' => 'log',
            'channel' => env('MAIL_LOG_CHANNEL'),
        ],

        'array' => [
            'transport' => 'array',
        ],
    ],

Answer 3

Change

MAIL_DRIVER=smtp

to

MAIL_DRIVER=mail

, or

MAIL_DRIVER = sendmail

Answer 4

for who use mail hosting at cpanel, you can use my solution. I have tried and it works with out changing anything in config\mail.php as stated by Chaibi Alaa answer.

So my apps architecture is from VM instance at GCP -> CloudFlare -> Mail Hosting (CPANEL Based). the problems comes with the certification

CN=`*.abc' did not match expected CN=`mail.def.com'

so instead of changing vendor code, i tried to bypassing the cloudflare. so I'm pointing out directly to the mail hosting DNS.

here is example of my configuration

MAIL_DRIVER=smtp
MAIL_HOST=mailhosting.com
MAIL_PORT=465
MAIL_USERNAME="noreply@def.com"
MAIL_PASSWORD="password"
MAIL_ENCRYPTION=ssl

In my case it works, hopefully it would help someone else which facing same issue. Please take a notes, I always trying to avoid workaround solution (by changing vendor code -> could be harmfull, do it with your own risk unless you know what you do)

you can find your MAIL_HOST in the Mail Client Manual Settings if you use Roundcube

Answer 5

for laravel add this line in .env file to unset mail encryption

MAIL_ENCRYPTION = NULL

Answer 6

Disable "SMTP Restrictions" from WHM.

For context, If you don't use WHM/Cpanel for your server management this is would not be applicable to you. If you do, in WHM on the left navigation menu, just type "SMTP" and you'll see SMTP Restrictions as the top choice on results. Click on it and there is a disable/enable toggle button.

Answer 7

A lot of people upgrading to PHP 5.6+ are running into the following error:

ErrorException: Email to [email address] failed: stream_socket_enable_crypto(): Peer certificate CN=[hostname]' did not match expected CN=[target hostname]' - library/Zend/Mail/Protocol/Smtp.php:206

As of PHP 5.6 peer verification is enabled by default (http://php.net/manual/en/migration56.openssl.php).

If you are running WHM or Plesk, I found the issue could be resolved as follows:

WHM: Change the “Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)” from “On” to “Off”.

Plesk: Create a new subscription with the URL set as the server host address, then assign it a SSL cert via the lets encrypt plugin.

Answer 8

In the method createSmtpDriver from

\vendor\laravel\framework\src\Illuminate\Mail\TransportManager.php

it fetches the key stream from

\config\mail.php

that is later used as custom options for the stream_context_create method inside

\vendor\swiftmailer\swiftmailer\lib\classes\Swift\Transport\StreamBuffer.php.

So to set the keys verify_peer, verify_peer_name, and allow_self_signed to solve the error mentioned by the OP you can add the following to the \config\mail.php:

'stream' => [
    'ssl' => [
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true,
    ],
],

Answer 9

Try unsetting encryption by removing 'tls' in \config/mail.php if you are using Non-SSL Settings

'encryption' => env('MAIL_ENCRYPTION', ''),