Getting "This certificate belongs to a different site for a wildcard certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
I tried to add an account in Thunderbird (V91.3.1 (64-bit) on Ubuntu Desktop V21.10
It produced this output:
See attached

My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu (latest) LTS Server
My hosting provider, if applicable, is:
Self managed virtual
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.22.0

The following two commands don't seem to produce any errors (as far as I can tell)
openssl s_client -showcerts -connect -servername
openssl s_client -starttls smtp -showcerts -connect -servername


Here you're using the hostnames:

  • and

In your screenshot you're using the hostname:


See the difference?


The wildcard cert in use doesn't cover the apex: |


That would be the next thing OP should be concluding indeed :wink:


Running the following

sudo certbot certonly --manual --preferred-challenges dns --server

with ", *" as arguments allows Thunderbird clients to connect without any errors.

Thanks for your help


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.