The Windows Server 2012 R2 runs MailEnable Standard Version 10.34 and hosts a couple of ASP.NET Core web applications in IIS. There is also Plesk Obsidian 18.0.40.
For each web application, an SSL certificate has been issued and configured in IIS. Those certificates were issued and installed two months ago. In Plesk, each website has a "Lets Encrypt" certificate, too. The Plesk "SSL/TLS Certificates" page looks like the following:
Lets Encrypt mydomain.com ---> Secures webmail
www.mydomain.com ---> Secures mail
Suddenly, today, one of the web applications stopped sending emails. The code is the following (where xxx.xxx.xxx.xxx is the server's IP):
    using (MailKit.Net.Smtp.SmtpClient smtp = new MailKit.Net.Smtp.SmtpClient())
    {
        try
        {
            smtp.Connect("xxx.xxx.xxx.xxx", 587, false);
            ...
        }
        catch (Exception ex) { ... }
    }
The Connect method fails with exception error:
An error occurred while attempting to establish an SSL or TLS connection. The host name did not match the name given in the server's SSL certificate.
and inner exception error:
The remote certificate is invalid according to the validation procedure.
I checked with MailEnable server and updated the default SSL Certificate by selecting one of the newly issued (by right clicking the server node -> Properties -> SSL tab -> Default SSL Certificate dropdownlist). No other configuration change has been performed on the MailEnable server whatsoever.
The problem remains. Can anyone explain why this is happening and what exactly it means? I am not sure where to start looking for a solution. IIS? Plesk? MailEnable?
I understand this sounds complicated since both code and server components are involved and I am more than willing to provide any further information upon request.
The web server hosts many different web applications, each one with its own certificate. On the other hand, the mail server serves all those web applications. Therefore, the line:
smtp.Connect("xxx.xxx.xxx.xxx", 587, false);
is wrong since there is no single certificate specifically issued to the server's IP address. Rather, as said, each certificate is issued to each web application's domain name, e.g.:
www.mydomain.com
Replacing xxx.xxx.xxx.xxx with www.mydomain.com solves the problem.
Hope this helps,
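
The fix described in the answer, as an added example that is not the poster's code: it connects by the certificate's DNS name and logs the names the server's certificate actually carries when validation fails, without ever accepting a failed validation. The host name is the placeholder from the post; the class and method names and the explicit SecureSocketOptions.StartTls setting are assumptions of this example.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using MailKit.Net.Smtp;
using MailKit.Security;

public static class SmtpCertCheck
{
    // Assumption: the DNS name the mail server's certificate was issued to.
    const string MailHost = "www.mydomain.com";

    // Logs why validation failed and returns the platform's verdict unchanged.
    // It never turns a failed validation into a success.
    static bool LogAndEnforce(object sender, X509Certificate cert,
                              X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;

        Console.Error.WriteLine($"TLS validation failed: {errors}");
        if (cert != null)
        {
            using var c2 = new X509Certificate2(cert);
            Console.Error.WriteLine($"  Subject: {c2.Subject}, expires {c2.NotAfter:u}");
            var san = c2.Extensions["2.5.29.17"]; // subjectAltName extension
            Console.Error.WriteLine($"  SAN: {san?.Format(false) ?? "(none)"}");
        }
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
            Console.Error.WriteLine($"  '{MailHost}' is not among the names above.");
        return false;
    }

    public static void Main()
    {
        using var smtp = new SmtpClient();
        smtp.ServerCertificateValidationCallback = LogAndEnforce;
        try
        {
            // Host name, not IP: this is the name checked against the certificate.
            smtp.Connect(MailHost, 587, SecureSocketOptions.StartTls);
            Console.WriteLine("TLS established; certificate matches " + MailHost);
            smtp.Disconnect(true);
        }
        catch (SslHandshakeException ex)
        {
            Console.Error.WriteLine(ex.Message);
        }
    }
}
```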