Send-Mail-As via Gmail

My domain is: lagas.com
My web server is (include version): Unknown
The operating system my web server runs on is (include version): Unknown
My hosting provider, if applicable, is: Media Temple (recently bought by GoDaddy)
I can login to a root shell on my machine (yes or no, or I don't know): No
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Plesk.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Unknown

I'm getting an authentication error ("TLS Negotiation failed, the certificate doesn't match the host., code: 550") when I try to set up an email account with my domain within Gmail to Send-As. I've installed a new SSL certificate within Plesk but I guess that only covers the website itself. The mail server isn't mail. or smtp.lagas.com, it's simply lagas.com. But obviously my SSL isn't covering this particular use despite that within Plesk I've designated it to account for "webmail" too.

Only a few years ago did Gmail suddenly get finicky over this, and greater security is fine I guess, but I don't know enough about SSL certificates to know how to cover this particular use. Any push in the right direction would be greatly appreciated.

The MX record of lagas.com is pointed to mail.lagas.com, so the SMTP server's certificate has to cover that mail subdomain.

Plesk itself doesn't cover that, so I'd just change the MX record to a name Plesk has a certificate for.

4 Likes

Thanks for the really helpful reply. I can see that you're suggesting two routes. The Plesk workaround (whereby I create a new subdomain within Plesk and issue an SSL certificate under it) didn't work for me just now, and besides, would appear to necessitate a lot of maintenance even if it did work, judging from comments by others.

Changing the MX record "to a name Plesk does have a certificate for" sounds a lot easier, but I'm not quite sure what's required there because I'm not clear on how to get an SSL certificate for anything except the main domain. I just changed the MX record from 10 mail.lagas.com to 10 lagas.com and got the same result.

2 Likes

Do you have a screenshot of the error?
I'm having a hard time trying to figure out the when/where/why of it.

3 Likes

Connecting with openssl s_client -connect lagas.com:465 reveals a DigiCert certificate for lagas.com that expired on 2022-11-14.

5 Likes

for the more visually oriented:

4 Likes

Thanks for the help everyone. That would certainly seem to directly answer my question.

However, and this could merely be my ignorance in this area, but I'm not sure how you're finding an expired certificate. At lagas.com the SSL lock icon is showing on my browser, and I'll paste the certificate below, which shows it expires on 11/18/23.

What you've both found is an older certificate, and so I guess my task is finding out why you're seeing that. I imagine this could have something to do with my host migrating my sites to a new server a few months back, which is when this problem started. To all appearances, the migration went fine. But I noticed yesterday that when I FTP'd to the site, a few cosmetic changes I made weren't showing up because, as it turned out, I was FTP'd into the place where my sites were located, which Media Temple confusingly kept intact. It took hours to sort that out with them. Or maybe this has nothing to do with that, but I'm offering it in case it jogs someone's memory here.

Again, thank you for the responses, they're greatly appreciated.

2 Likes

Your browser connected to a web server on port 443. We connected to the mailserver listening on port 465. Since they are distinct applications that are configured separately they can easily use different certificates. The mailserver is using an obsolete certificate. Once you update its configuration to use a valid certificate, you should be closer to your goal.

7 Likes

Just following up here because I was able to resolve my issue, which turned out to have less to do with SSL than with my server.

What fixed my issue (of not being able to send out *@lagas.com emails within Gmail) was changing the incoming server from mail.lagas.com to simply lagas.com within Gmail. The reason this was hard to diagnose is because the incoming pop server still worked as mail.lagas.com, but the mismatch between incoming and outgoing set off some sort of alarm bells that prevented everything from working.

The one SSL certificate covers both the website and mail server, as it turns out; it was just the Gmail settings. Maybe this post will help someone down the road, I don't know, but again, thanks everyone for helping me through this.

1 Like

None of the SANs have mail.lagas.com in them; that is the reason for the "mismatch".

The issue is your DNS https://dnsspy.io/scan/lagas.com has both domain names (which is nice)
but the certificate being served on port 443 has alternative names lagas.com and www.lagas.com (i.e. SANs)
SSL Server Test: lagas.com (Powered by Qualys SSL Labs)
https://decoder.link/sslchecker/lagas.com/443

But the Certificate being served on Port 465 only has lagas.com in the SANs

2 Likes
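The per-port check discussed in the replies above (a web server on 443 and a mail server on 465 can serve different certificates, and each must cover the name the client connects with), as an added example that is not part of any forum post. The certificate dicts are constructed from what the thread reports, shaped like the output of Python's `SSLSocket.getpeercert()`; the times of day and the check date are assumptions.

```python
import ssl

def name_matches(pattern, hostname):
    """Exact match, or '*' standing for the whole leftmost label only."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_cert(cert, hostname, now):
    """List the problems a strict TLS client would hit for this hostname."""
    problems = []
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(s, hostname) for s in sans):
        problems.append(f"name mismatch: {hostname} not in SANs {sans}")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append(f"expired: notAfter {cert['notAfter']}")
    return problems

def audit(endpoints, names, now):
    """Check each port's certificate against each name a client may use."""
    return {(name, port): check_cert(cert, name, now)
            for port, cert in endpoints.items() for name in names}

# Constructed sample data modelled on the thread, not captured output.
WEB_443 = {"subjectAltName": (("DNS", "lagas.com"), ("DNS", "www.lagas.com")),
           "notAfter": "Nov 18 23:59:59 2023 GMT"}
MAIL_465 = {"subjectAltName": (("DNS", "lagas.com"),),
            "notAfter": "Nov 14 23:59:59 2022 GMT"}
NOW = ssl.cert_time_to_seconds("Jan 15 00:00:00 2023 GMT")  # assumed check date

if __name__ == "__main__":
    report = audit({443: WEB_443, 465: MAIL_465},
                   ["lagas.com", "mail.lagas.com"], NOW)
    for (name, port), problems in sorted(report.items()):
        print(f"{name}:{port}", "OK" if not problems else "; ".join(problems))
```

Against a live server, `getpeercert()` only returns a populated dict after a verified handshake; when verification fails, the handshake raises `ssl.SSLCertVerificationError`, whose `verify_message` names the reason.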
