Send-Mail-As via Gmail

My domain is:
My web server is (include version): Unknown
The operating system my web server runs on is (include version): Unknown
My hosting provider, if applicable, is: Media Temple (recently bought by GoDaddy)
I can login to a root shell on my machine (yes or no, or I don't know): No
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Unknown

I'm getting an authentication error ("TLS Negotiation failed, the certificate doesn't match the host., code: 550") when I try to set up an email account with my domain within Gmail to Send-As. I've installed a new SSL certificate within Plesk but I guess that only covers the website itself. The mail server isn't mail. or, it's simply But obviously my SSL isn't covering this particular use despite that within Plesk I've designated it to account for "webmail" too.

Only a few years ago did Gmail suddenly get finnicky over this, and greater security is fine I guess, but I don't know enough about SSL certificates to know how to cover this particular use. Any push in the right direction would be greatly appreciated.

mx record of is pointed to, so SMTP server's certificate have to cover that mail subdomain.

plesk itself doesn't cover that, so I'd just change mx record to a name plesk have certificate for


Thanks for the really helpful reply. I can see that you're suggesting two routes. The Plesk workaround (whereby I create a new subdomain within Plesk and issue an SSL certificate under it) didn't work for me just now, and besides, would appear to necessitate a lot of maintenance even if it did work, judging from comments by others.

Changing the MX record "to a name Plesk does have a certificate for" sounds a lot easier, but I'm not quite sure what's required there because I'm not clear on how to get an SSL certificate for anything except the main domain. I just changed the MX record from 10 to 10 and got the same result.


Do you have a screenshot of the error.
I'm having a hard time trying to figure out the when/where/why of it.


Connecting with openssl s_client -connect reveals a DigiCert certificate for that expired on 2022-11-14.


for the more visually oriented:


Thanks for the help everyone. That would certainly seem to directly answer my question.

However, and this could merely be my ignorance in this area, but I'm not sure how you're finding an expired certificate. At the SSL lock icon is showing on my browser, and I'll paste the certificate below, which shows it expires on 11/18/23.

What you've both found is an older certificate, and so I guess my task is finding out why you're seeing that. I imagine this could have something to do with my host migrating my sites to a new server a few months back, which is when this problem started. To all appearances, the migration went fine. But I noticed yesterday that when I FTP'd to the site, a few cosmetic changes I made weren't showing up because, as it turned out, I was FTP'd into the place where my sites were located, which Media Temple confusingly kept intact. It took hours to sort that out with them. Or maybe this has nothing to do with that, but I'm offering it in case it jogs someone's memory here.

Again, thank you for the responses, they're greatly appreciated.


Your browser connected to a web server on port 443. We connected to the mailserver listening on port 465. Since they are distinct applications that are configured separately they can easily use different certificates. The mailserver is using an obsolete certificate. Once you update its configuration to use a valid certificate, you should be closer to your goal.


Just following up here because I was able to resolve my issue, which turned out to have less to do with SSL than with my server.

What fixed my issue (of not being able to send out * emails within Gmail) was changing the incoming server from to simply within Gmail. The reason this was hard to diagnose is because the incoming pop server still worked as, but the mismatch between incoming and outgoing set off some sort of alarm bells that prevented everything from working.

The one SSL certificate covers both the website and mail server, as it turns out, it was just the gmail settings. Maybe this post will help someone down the road, I don't know, but again, thanks everyone for helping me through this.

1 Like

None of the SANs have in them, that is the reason for the the "mismatch".

The issue is your DNS has both domain names (which is nice)
but the Certificate being served Port 443 has Alternative names (i.e. SANs)
SSL Server Test: (Powered by Qualys SSL Labs)

But the Certificate being served on Port 465 only has in the SANs


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.