OpenSSL::SSL::SSLError (hostname "smtp.mandrillapp.com" does not match the server certificate)

Question

Since migrating a production Rails app to a new machine, the follow error is always recieved when trying to send mail via Mandrill:

OpenSSL::SSL::SSLError (hostname "smtp.mandrillapp.com" does not match the server certificate)

Here is the

  config.action_mailer.smtp_settings = {
    address: 'smtp.mandrillapp.com',
    port: '587',
    enable_starttls_auto: true,
    user_name: 'XXXXXXXX',
    password: 'XXXXXXXX',
    authentication: 'login', # Mandrill supports 'plain' or 'login'
    domain: 'mydomain.com'   }

Mandrill down not allow for openssl_verify_mode: 'none' as suggested here: Rails 3: OpenSSL::SSL::SSLError: hostname was not match with the server certificate

When openssl_verify_mode: 'none' is set the error becomes:

Net::SMTPAuthenticationError (535 Incorrect authentication data)

Any ideas on how to correct this?

The certificate on port 587 matches the name, but as wildcard with subject alternative name. I would suggest that this might be a bug in the ruby/rails version you use on this machine. Or you might have a different network setup so that you get a different server for this hostname than visible from public internet. — Steffen Ullrich, Apr 21 '15 at 04:58

score 0 · Answer 1 · answered Mar 07 '16 at 16:54

I encountered and solved this issue (my Rails app is hosted on a WHM/cPanel account).

The trick was tweaking the SMTP Restrictions in the WHM settings, specifically turning off the following setting:

"Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak)"

OpenSSL::SSL::SSLError (hostname "smtp.mandrillapp.com" does not match the server certificate)

1 Answers1