PHP Mailer "Warning: stream_socket_enable_crypto():" Error

Question

I have a continuing SMTP problem with PHPMailer which is described here: https://github.com/PHPMailer/PHPMailer/wiki/Troubleshooting#php-56-certificate-verification-failure

I've looked at the errors given and, from what I can tell, this is the main culprit

Warning: stream_socket_enable_crypto(): Peer certificate CN=*.mywebhost.com' did not match expected CN=mail.mydomain.com' in /path/to/phpmailer/class.smtp.php on line 355

Other ideas/info.

1. I have an SSL installed and I've verified the legitimacy of it here: https://www.digicert.com/help/
2. This is a shared hosting environment.
3. It's a PHP 7 environment.
4. This is a subdomain setup. So, the SSL is for sub.mydomain.com and the $mail->Host is mail.mydomain.com. I don't know if that's relevant or not, but that's what it is.

I've already been through the PHPMailer documentation and I have no idea as to why this is still happening. Valid SSL, no SMTP..... Any ideas on where I can check to fix this?

Answer 1

You presumably have this set:

$mail->Host = 'mail.mydomain.com';

but when you connect to that, it actually connects to your ISP's mail host (probably something like mail.mywebhost.com, which presents the *.mywebhost.com certificate), and so of course the name on the server's certificate you've got does not match. The correct solution to this is to change your Host property to use the real name of the mail server, as then the certificate will match, and you will have no mismatch errors:

$mail->Host = 'mail.mywebhost.com';

(you'll need to find out what the exact name should be). For this to work with your own certificate, you would need to be running your own mail server on its own IP, something you're not likely to get on shared hosting.

An alternative workaround also described in the troubleshooting guide is to disable certificate validation (as pre-5.6 PHP did) - but you should not do that. You know why this is failing, so you should fix it properly, not simply suppress the error.