Gmail connection issue

My domain is: bhooks.com

I ran this command: normal install, ssl checks locally.

It produced this output: Both worked

My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

So the install of the Let’s Encrypt certificate worked perfectly fine, my website is on https, ssl checks on the host are fine. My problem is that the Gmail connection doesn’t work.
I have a postfix + dovecot installation, both use the fullchain + key pem-files. Connecting to them via my outlook.live account works (e.g. via IMAPS 993, but also POP3 is available). But Gmail responds with:

Server returned error: "SSL error: ok IP address "162.246.23.164" not found in SANs"

Or, when I try to use port 143 with the checkbox ticked for “Always use a secure connection (SSL) when retrieving mail.”, I get the error:

Server returned error: "SSL protocol error. Please try disabling SSL, or contact your other provider to verify the correct port settings."

(And, as said, both sending and receiving mails in my outlook.live account (using 143) for the same email works perfectly fine)

What more could I check for?
Thank you for some guidance!
Kind regards,
Roman

Hi @Doidel

Looks like a bug in Gmail.

When connecting to a server, the IP address is always used. But then the client (Gmail) should send the hostname, so the server is able to select the correct certificate. That's SNI - Server Name Indication.

So the server checks the list of certificates to see if the hostname is included in the SAN list of one certificate.

But the error message says: Gmail sends the IP address as the hostname.

Your certificate has only domain names, not IP addresses. So that can't work. But it's not your error, it's generally impossible.

Checking your connections: that's good - https://check-your-website.server-daten.de/?q=bhooks.com

There was another user - a problem with Gmail - "SSL error: Leaf certificate is expired"

Thunderbird worked, Gmail did not.

Or you have a configuration error, so that you use the IP address in your Gmail configuration. But I don't think so.

No, actually, that was exactly it: I entered the IP address instead of the host name. I wasn’t aware that this makes any difference. Even more so since outlook.live accepted the IP address.
Simply changing the server in the connection properties from its IP address to its host name solved the issue! Thanks!


Ok, then it can't work.

Thanks for reporting back!

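Why the IP address failed while the host name worked, as an added example that is not part of the original thread: a verifying client compares the server name the user configured against the certificate's SAN entries, and an IP address can only match an iPAddress entry, never a dNSName. The SAN list below is constructed for illustration and the function names are hypothetical.

```python
import ipaddress

# Constructed SAN list for illustration: (type, value) pairs as they would
# appear in a certificate's subjectAltName extension. It holds DNS names
# only, like the certificate described in the thread.
SAMPLE_SANS = [("DNS", "bhooks.com"), ("DNS", "*.bhooks.com")]


def _dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard covers exactly one label and needs two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def verify_server_identity(configured_server: str, sans) -> tuple[bool, str]:
    """Check the server name typed into the mail client against the SAN entries."""
    try:
        ip = ipaddress.ip_address(configured_server)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP reference identity is compared with iPAddress entries only;
        # dNSName entries are never consulted, so no reverse lookup happens.
        for kind, value in sans:
            if kind == "IP" and ipaddress.ip_address(value) == ip:
                return True, f"IP address {ip} found in SANs"
        return False, f'IP address "{ip}" not found in SANs'
    for kind, value in sans:
        if kind == "DNS" and _dns_match(value, configured_server):
            return True, f"hostname matches SAN {value}"
    return False, f'hostname "{configured_server}" not found in SANs'


if __name__ == "__main__":
    for server in ("162.246.23.164", "bhooks.com", "mail.bhooks.com"):
        print(server, "->", verify_server_identity(server, SAMPLE_SANS))
```

A client that accepts the IP address without complaint is either not verifying the certificate name at all or is deriving a host name some other way, which is why a strict client is the one that surfaces the misconfiguration.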