Certificate domain mismatch error when connecting to a DreamHost mail server

You may receive a "domain mismatch" warning or an error when connecting to a DreamHost mail server if you use your DreamHost mail server subdomain. For example:

mail.example.com

The following information shows you how to resolve this situation.

In the past, it was possible to use mail.example.com to connect (where example.com is your actual domain name). Due to how modern mail clients handle security, this is now NOT recommended as it may cause connection errors. Please ensure you are only using your email cluster servername (shown below) when connecting.

Connecting directly to your DreamHost mail server

Instead of using mail.example.com, you can use the name of your specific DreamHost mail server instead.

To determine which server name to use:

  1. Log into your DreamHost Panel.
  2. Navigate to the (Panel > 'Support' > 'Data Centers') page.

    Under the 'Mail service' section, your mail server appears to the right of any domain. In the following example, it’s homiemail-sub4:

    04_mail_servernames.png
  3. Use the matching server name in the following table for the incoming AND outgoing server in your mail program.
    Email Cluster Server Name
    homiemail-sub3 sub3.mail.dreamhost.com
    homiemail-sub4 sub4.mail.dreamhost.com
    homiemail-sub5 sub5.mail.dreamhost.com
    homiemail-master homie.mail.dreamhost.com

    This example shows homiemail-sub4, so enter 'sub4.mail.dreamhost.com' into your mail client to connect.

Trusting the certificate in Mac Mail or iPhone

On January 19, 2017, DreamHost updated the SSL certificates on all mail servers. Because the SSL certificate was updated, a message appears if you're using your site's mail subdomain (mail.example.com) instead of the mail server (as shown above).

You can either change the servername you use with the instructions above, or accept the new certificate in your mail app. This certificate is completely safe for you to accept. Once your mail client saves the new certificate, your email client functions normally again.

Mac Mail users: There have been a few reported issues with Mac Mail not saving the new certificate at first. You may need to accept the certificate several times with the 'Continue' button. Some users report that after a few tries, the certificate is saved. If it still cannot connect after these attempts, make sure you use the mail cluster for the Mail Server name on your account (e.g., sub5.mail.dreamhost.com). You can see which mail cluster your account users in the panel on the (Panel > 'Support' > 'Data Centers') page.

iPhone (iOS) users: Open 'Settings > Mail > Accounts', tap the account and address, and then re-enter the hostname. If this doesn't work, try setting up email as a new account. Go to 'Settings > Mail > Accounts > Add Account'. If the message 'Cannot Verify Server Identity' appears, tap the 'Details' option below that message, and then tap the Trust button in the top-right corner:

IPhone7.fw.png

Be sure to save your changes. If needed, repeat this process 2–3 times to take effect permanently. You should also use your mail cluster for the Mail Server name on your account with this setup. You can visit the setting up email on an iPhone for more information.

If you need further help

In rare cases, Mac OS may retain past SSL certificates despite the Mail account having been removed and Keychain Access being emptied of related certificates and passwords. If you find that any of the above steps do not resolve the issue, try removing your account completely from Mail, clear out Keychain Access of *mail.dreamhost.com certificates, and remove any saved passwords for your account. Then, reboot your Mac to flush any remaining configuration of the account from your system. Once the machine logs back in, you can proceed to re-add your email account in Mail.

Apple Support can provide the best assistance with Mac Mail issues. Apple technicians are the experts when it comes to Apple software.

See also

Did this article answer your questions?

Article last updated .