/mail/community?hl=en
This content is likely not relevant anymore. Try searching or browse recent questions.
This post is a trending issue.
-
my message can sometimes not be delivered because of an incorrect alias. Sometimes it works. 1 Recommended Answer 787 Replies 1708 Upvotes
1 Recommended Answer
$0 Recommended Answers
hello,

Sometimes (!) I am getting a message that my email could not be delivered because the credentials of the alias I am sending are not correct or are outdated. But this happens with 1 out of 10 messages and randomly with the people I am sending this to. One minute later with another new message it then works again.  I use gmail in the browser to send my emails. 

Any one any idea?

thanks
Marjon
All Replies (787)
-
I forgot the message I am seeing is also saying: 

De reactie was:
TLS Negotiation failed, the certificate doesn't match the host.

I am getting this, although nothing changed since 4 days with some emails.
marked this as an answer
Same issue here. Out of 10 messages to the same email address...  1 or 2 may come back with a TLS error.
marked this as an answer
Same issue here. Just started happening to me very intermittently. Looks like a Google-wide issue that has absolutely nothing to do with the 3rd party servers?? Google please confirm and FIX. Thanks
marked this as an answer
I have been having the same problem for about a week to a week and a half.

I also see exactly what the posters say -- it is inconsistent, clearly some Gmail systems are configured differently than others, and it's random as to which one attempts to connect, because some of them are fine with my configuration and others are not.

The maddening thing is that the TLS certificate I'm using absolutely matches the host!

It is a self signed certificate but that's never been a problem in the past.

syd-barrett.accessgroupinc.com

No affiliation but I used


the detailed results from this site indicate no problems except for self signed certificate


Note that the server identifies itself as syd-barrett.accessgroupinc.com AND the reverse DNS resolves to syd-barrett.accessgroupinc.com AND the MX records all use syd-barrett.accessgroupinc.com

I am therefore baffled, which is unusual...  I have 30+ years experience with system administration and used to hack Sendmail back in the day...  contributed a tiny bit to Postfix years and years ago...
marked this as an answer
To make sure we're all on the same page, this is when sending from Gmail using a custom outgoing email address, and using TLS as the transport to another mail server which does the actual delivery for that domain.

(The OP isn't explicit about what they are doing, but I'm reading between the lines, because I have the exact same issue.)
marked this as an answer
I just got this alert today for the first time. I am using Gmail as my host but using a non-gmail email account. They have been linked for 10 years. Any suggestions?
marked this as an answer
I am getting the same error, intermittently. I am using an alias to send outgoing mail from Gmail through my customer domain mail server. How can the TLS certificate be incorrect or out of date one minute, and fine the next??
marked this as an answer
An invalid certificate, including self-signed, would be a problem now that Gmail is enforcing TLS for servers that support it.  (Previously, after a few failures, Gmail would deliver the messages without encryption.)
 
To know if this is everyone's problem would require knowing the domain names that are failing.
marked this as an answer
If this is due to a problem with the domain's certificate, would it not be a problem with each email I send? This seems to happen randomly, maybe one out of 5 or 10 emails I send, and it just started today.
marked this as an answer
The truly odd thing is that there was a bunch of fanfare when Google made changes to the way they handle TLS, and at that time, nothing broke!

Even now, things only break occasionally, about one out of ten times that I send something.

The irony of course is with stricter TLS the workaround with this error is to simply turn TLS off, and go unsecured, which is completely and totally stupid.

I control my DNS which points the MX to my server, I control my server software, and I provide the certificate.  Why should Google care if my inbound relay uses a self signed certificate?  It's better than the alternative, which is no encryption at all.
marked this as an answer
Per bkennelly's post: the outgoing mail server I am send mail through is my custom email domain which is hosted by Earthlink, so it is on one of their servers.
marked this as an answer
We really don't know if everyone has the same problem without more information.  The changes could be rolling out over time, so that not every message is impacted.
 
 
marked this as an answer
@bkennelly Note that I actually provided the exact details of my server and the output from the TLS check I did.

I do not see any documentation anywhere indicating that Gmail now requires certificates to be signed by a specific list of CA.

At the very least, if this is the requirement, then the error message is completely totally and stupidly incorrect.  It indicates a hostname mismatch, which is absolutely not true.

I might also add that adding the TLS credentials within Gmail does not produce errors i.e. I give it username, password, and point it at my server, and it accepts those settings for the given email address...  this is also an error if the intent on the part of Google is to force people to have TLS certificates that are signed by a given group of CA.

Long story short the status quo is ridiculously poor.  The TLS page for Gmail says nothing about self signed certificates -- says nothing about specific CA being required -- the error message doesn't say anything about that either -- and Gmail itself gladly accepts my TLS credentials -- which it clearly is checking, as if I give an incorrect username or password, it refuses to take my settings.
marked this as an answer
1: Could you clarify. Could a change be made to a rule, and then the change be rescinded, and then made again, etc.?

2: Is it likely this is a Gmail issue or a real issue with the mail server's certificate at Earthlink? I don't want to go down the rabbit hole with Earthlink if it is a Gmail bug.
marked this as an answer
We may be getting sidetracked.  By the time I read to the bottom of the posts, I had forgotten that the problem being reported was with authenticating to a custom SMTP server, and was thinking it was about delivery of outbound mail from the Gmail servers.  (I apologize.)  
 
It is still possible that the recent TLS changes are involved, but, AFAIK, those changes only apply to messages being sent from the Google mail servers to the other hosts, not to connecting to custom SMTP servers.
 
Google generally do not trust self-signed certificates, for good reasons, but that would not apply to those using Earthlink servers.  The server name mismatch is possible, depending on how you name the server and how Earthlink identify it.
marked this as an answer
As I'm experiencing the same TLS Negotiation failed issue, I'll give more details about my Gmail account configuration. I'm using Gmail to send/receive my custom-domain email messages by using these two settings:

Options > Accounts and Import > Send mail as
Options > Accounts and Import > Check email from other accounts

The Send mail as is configured this way:

- Treat as an alias
- Port 465
- Secured connection, using SSL (recommended)

My self-hosted domain is secured with a free Let's Encrypt SSL/TLS certificate on a VPS machine with Ubuntu/Plesk. I've never had any problem for years, this is the first time Google is showing this behavior. 

The LS Negotiation failed error happens in a completely random way. Sometimes I can send multiple messages to a specific email address with no issues... And then the 10th message drops this error. If I re-send the same message to the same address... It goes through with no error.
marked this as an answer
Same problem, using "Send mail as:" against a Network Solutions SMTP server, Port 587 and TLS.  Deleting and re-adding the "Send mail as:" email address still results in occasional failures.
marked this as an answer
Thanks. If it was a server name mismatch, why would that be intermittent?
marked this as an answer
I doubt it's a server-related issue, not with this inconsistency. Something changed on Google's side and we really need to figure it out. If this thing starts affecting my clients it will be a pain for me.
marked this as an answer
So how do we all fix this error???

I am also getting this error starting today April 6, 2020:

The response was:
TLS Negotiation failed, the certificate doesn't match the host.
marked this as an answer
Am also having the same issues, as above it is intermittent, nothing consistent about it
marked this as an answer
This has also started happening for us since yesterday but from the forwarding settings in Gmail and domain end information is all still the same? 
I did the check recommended above and it came back and said email was being sent but it was not secure. How do I make it secure? The TLS info is the same and doesn't have anything to update so not sure how to fix it when nothing seems to have changed?
marked this as an answer
I am also having the same issue.  This is not a new issue.  Just that it is more frequent now
marked this as an answer
Same issue here -- trying to send mail as another email account from Gmail (I've verified all settings are correct) and getting the message 

TLS Negotiation failed, the certificate doesn't match the host.
marked this as an answer
I have the same issue since Friday 3rd April. Its really effecting my business. Is there a number we can call google on to help fix this? I have checked domain and server with developers and all working fine?
marked this as an answer
I have the same issue here since this morning... Some emails bounce back with the error message "TLS Negotiation failed, the certificate doesn't match the host." while others are sent with no problems.

I haven't changed anything in my account for months.

Anyone from Google can solve this?
marked this as an answer
Samen issue here. Random TLS Negotiation failed errors, issue started somewhere last week.
Google please solve this problem.
marked this as an answer
Same Issue here
marked this as an answer
I have the same issue as well. Have anyone fixed it?
marked this as an answer
same issue
marked this as an answer
Just adding to this thread, this is happening on several of our Gmail accounts but not all. Every account is configured the same way, to use SSL, port 465, not TLS but only some accounts are having problems. It is also not every email, it is intermittent.

The error report is:

TLS Negotiation failed, the certificate doesn't match the host.

All our accounts are set up to send mail as:

Not an alias.
Mail is sent through: server.XXX.com
Secured connection on port 465 using SSL

Out of 6 accounts, one started having problems last week, another one this morning and the rest have been fine.
marked this as an answer
Likewise, regrettably.
marked this as an answer
Same here. I changed the TLS-Ports - but nothing changed. 
I´m using DF.EU as Mail-Provider and got in contact with the support - but as I´m reading all the Posts here I guess it has something to do with google.
marked this as an answer
Same here. Waitig for google respose.
marked this as an answer
same issue here
marked this as an answer
same issue here since 3 days too
marked this as an answer
Having the same issue! Random emails will be rejected one day, and the next it'll be fine and another handful aren't going through. Really frustrating.

Thought it was the way I configured it, but looks like this is a wider problem. 

Anyone here from Google yet?
marked this as an answer
Its not server related but from the Gmail's side. Something related to certificate matching.
marked this as an answer
same issue here. 2 out of 10. I can not see any pattern behind it
marked this as an answer
The same issue. 
I've even recreated a new TLS cert. Nothing happend.
maybe its time to turn to alias?
marked this as an answer
Same issue here - it's affecting random emails. The thing is, the sending as is actually hosted by Google Apps (the domain email IS a Gmail service) and the send as is being sent as that domain address via a regular Gmail account. It's completely hit and miss at the moment, I imagine it's down to some cluster of servers which need to be updated and we're only hitting them occasionally, rather than a full outright loss of service (which will make this harder to get attention from Google engineers!).
marked this as an answer
How can we escalate this to google?
marked this as an answer
Same issue here
Using chrome client and  Let's script SSL Certificate. on the hosting
marked this as an answer
Same exact issue here with 2 different mail servers. Used firefox and chrome and the two mail servers are unrelated. Was working fine last week when I had last sent a few emails.
marked this as an answer
We must find a way to escalate this issue, someone at Google must check it because it's very very problematic...
marked this as an answer
Same error here. "TLS Negotiation failed, the certificate doesn't match the host."
marked this as an answer
Same issue here.
marked this as an answer
I'm having the same problem X2 days. None of my "Send Mail As" settings have been changed and they have been working fine for years. Now, I'm suddenly getting "TLS Negotiation failed, the certificate doesn't match the host" rejects on some (but not all) of my outgoing messages that I send as if from my Network Solutions email address.
marked this as an answer
Algo getting the same error. Waiting from feedback.... Thanks
marked this as an answer
This has been escalated but it might take a while to get a response from Google.
marked this as an answer
GOOGLE U THERE BRUH???????? WTF
marked this as an answer
Same issue here to.
marked this as an answer
same issue! Google please!
marked this as an answer
me too! google, help!
marked this as an answer
Sadly, I have just started seeing this message to. Based in the UK. Started after 1pm BST time. Very annoying, as I have no idea if the emails are actually sent correctly or not. Come on Google - please acknowledge the issue at least.
marked this as an answer
My VPS with the affected domains is UK based too.
marked this as an answer
Same problem here, starting from today. My hosting is SiteGround, but I don't think is that the issue.
marked this as an answer
Same problem here starting from today ...
marked this as an answer
Since 2 days we have the same problem - what should we do?
marked this as an answer
Same problem here, settings haven't change for months.
Not impacting all aliases, nor every email. 

(somehow happy to see people with the same prob, will save me hours...)
marked this as an answer
I am not using TLS in my settings, they are set for SSL and I am still receiving this error message. Clearly google has broken something on their end.
marked this as an answer
I'm getting the same error:
TLS Negotiation failed, the certificate doesn't match the host.

And it's random. I've been using my emails for years, never had a problem or have changed anything.

Google please help fix this!
marked this as an answer
Same issue started this morning.
marked this as an answer
Me too. Just found this thread, I thought it was something with our smtp server but looks like Google messed something up. So. /subscribing here :)
marked this as an answer
I am having this issue as well. We retrieve emails from our server to our gmail accounts. And we use Send Mail as secured through TLS. Our settings have not changed. Only some gmail accounts, only sometimes failing to send. 

The response was:
TLS Negotiation failed, the certificate doesn't match the host.
marked this as an answer
Same problem here! :( Started few days ago with 1 out of 10 emails, now it's even more often :(
marked this as an answer
Idem ! It's very disturbing. I hope Google will fix it asap.
marked this as an answer
I'm having the same issue as well, which started today for me
marked this as an answer
Same thing here, it started today after 1 pm (before it was working), the data is correct and in another account that I have configured from the same domain it still works, only one of the accounts stopped
marked this as an answer
Same issue as everyone here
marked this as an answer
I am also having this issue. Worked well for 5 years, today I get this message but emails are delivered!
marked this as an answer
Hi! I am having the same issue:

The response was:
TLS Negotiation failed, the certificate doesn't match the host.

Been using this email alias for 3 years and it is the first time it happens.
marked this as an answer
Happened to me when sending from one Gmail account but not from my Google Apps / Gsuite account.

I changed the password, deleted the account from my Gmail account, re-added it, and it seems to be working fine from both now.
marked this as an answer
Same issue for me.
marked this as an answer
Yes, same issue here.

"TLS Negotiation failed, the certificate doesn't match the host."

@Google - It's a tough time with everyone working from home...  this is making matters much worse. :-(
marked this as an answer
Happening on my end as well. Using Bluehost as 3rd party hosting/certificate.
marked this as an answer
PROBLEM SOLVED
Hi everyone, got the same issue today, and apparently I solved it in a very easy way. Just go to the Gmail settings, Account and Imports, ins Send Mail as section, go to the alias that gives you problem, click edit info and simply tap next and insert again that smtp password. That's it. I've already tried to resend the various mail I was receiving the error and now they have been delivered. 

It seems like the google servers lost the auth and needed to check again the TLS negotiation.

Hope the solutions works also for all of you.
marked this as an answer
Having the same issues as everyone today and tried Luigi's solution this morning. It worked for an hour or two, but now it's back, sending the same error codes.
marked this as an answer
I am have been having the same issue since April 2, 2020. Google! Help us, please.
marked this as an answer
Same issue too--anyone get any answers yet?
marked this as an answer
I am having the same problem, this morning tried to solve it (in the same way that the "Problem Solved" person above tried to solve it). It's no better. I've been having it for at least 2 days, and like many people here, have had the accounts linked for years without issue. 
I even deleted the link and re-linked it but had the issue again already (twice).
marked this as an answer
Same issue -- had my alias email working for several years and yesterday (4/6) this started happening.

I've done re-creating a new password on the host email side and edit the password in gmail in the edit info for the alias.  That didn't work.

So I decided to start from scratch.  Tried deleting the email in "send mail as" and re-added it.  Went through the authentication process.  This appeared to work on a few emails, thought I was out of the woods but found out this morning some of the emails bounced back.  It's hit or miss.  Like others have said, maybe 2-5 out of 10 get this bounce back.  

I think this is on Gmail's end as it seems like everyone is using a different SMTP server.  I'm hosted on Siteground if it helps.
marked this as an answer
Having the same problem, 
TLS Negotiation failed, the certificate doesn't match the host.

No auth credentials have been changed recently, although I did try to save them again to see if that would fix it (it did not)
marked this as an answer
Same problem with a domain hosted on dreamhost first noticed on 2020-06-07 
The funny thing is: I erased the address from the google settings and then added it again and when google states "checking..." gmail accepts it without errors.
marked this as an answer
Same problem here as of today.  Some emails pass and others bounce.  No changes made.  I am sending through 465 using SSL to my host siteground's smtp server.  I tried updating the password as mentioned above but still had problems.  I don't know enough about this but wonder why is there a TLS error when I am using SSL?
marked this as an answer
Same issue, appears to be very random. And annoying. 
TLS Negotiation failed, the certificate doesn't match the host.
Sending email as an alias. 
Google, HELP! We do not need this right now :)
marked this as an answer
Same issue. Self-signed certificate. Very annoying.
marked this as an answer
Same issue for the first time on 4/7/20; I haven't touched anything.

Update 4/7/20: turns out my issue was replying to an email from someone, not on my end ("sent as" a separate email directly to their email addresses and it worked). The email I received was "via
{their domain name}365.onmicrosoft.com. Looks like it might be an issue with that, at least for me.
marked this as an answer
I'm having the same issue for about a week now.  I have tried everything, but the "Send As" feature is not functioning properly.  It allows about 2 of every 10 emails to go through.  I use Gmail for my work email, and forward my work email to my Gmail, and have the "Send As" alias set up so that all emails are sent from my work email address.  I need this corrected right away.  What can I do?

My domain is hosted by Web.com
Domain is:  Kmbarnettlaw.com

I have 2-step authentication turned on.  I have reset passwords.  I have removed and relinked the accounts and double checked everything.  They link and forward without issue, it is ONLY the "Send As" feature that is not working.  I have had it set up for 5 years now with no problem until last week.  Google please help!!!!
marked this as an answer
Is everyone using vanilla Gmail?  No extensions?  Just want to make sure.

I have MailTrack and Boomerang extensions, but I just want to rule it out.  I assume most people are using just out of the box gmail.
marked this as an answer
Yeah, no extensions, and no server-side changes. Gmail definitely changed something server-side. Some notice on Twitter as well.
marked this as an answer
The solution provided by Google under account settings only works for the next 5-10 messages and then it starts up again. ACCKKK...no time to send messages two or three times each. Google PLEASE fix this.
marked this as an answer
Having this issue with increasing frequency. Difficult to do business. Exactly as others describe, sending email with gmail through my own domain email server.
marked this as an answer
Same for me.  Just started today for myself and several clients.  Nearly all my emails are bouncing suddenly from the - TLS Negotiation failed, the certificate doesn't match the host. - Error.

Can we confirm that this is definitely something on Google's end?  Given how many people this is happening to, it would seem likely.
marked this as an answer
FIXED

I fixed it just now by having it send through port 25 with no security. Not ideal, but it works.
marked this as an answer
I am also suddenly having this error.  Is it maybe a gmail issue rather than our individual emails then?

I can then resend the email and will work half the time and others just keeps bouncing back.
marked this as an answer
I have clients with the same issue.
marked this as an answer
Has anyone figured out a solution to this?
Thank you1
marked this as an answer
I switched to TLS via port 25 (was SSL via port 465). It may have solved the issue for me.
marked this as an answer
It's really hard to tell, since the problem is intermittent to begin with. I have made no changes at all, and some emails go, some don't. It's fairly random (seeming), probably due to whatever server instance is handling a given message, and not all servers being entirely equal.
marked this as an answer
My logs for the last few days show several failures submitting mail from gmail's servers to my mail server.  I use a LetsEncrypt certificate.  Logs of failures below, in UTC, listing which google server was involved. Each had the message "did not issue MAIL/EXPN/VRFY/ETRN during connection to MSA".

Apr  3 14:34:35 mail-wm1-f46.google.com
Apr  3 14:40:06 mail-wm1-f52.google.com
Apr  3 16:17:22 mail-wm1-f48.google.com
Apr  5 02:01:30 mail-wm1-f47.google.com
Apr  5 02:01:30 mail-wm1-f49.google.com
Apr  5 02:01:30 mail-wm1-f51.google.com
Apr  6 02:43:44 mail-wm1-f48.google.com
Apr  6 17:21:26 mail-wm1-f43.google.com
Apr  6 18:25:28 mail-wm1-f46.google.com
Apr  7 17:15:23 mail-qk1-f173.google.com
Apr  7 17:15:23 mail-qk1-f175.google.com
Apr  7 17:26:57 mail-qk1-f169.google.com
Apr  7 17:26:57 mail-qk1-f179.google.com
Apr  7 17:28:38 mail-qv1-xf34.google.com
Apr  8 02:36:43 mail-qk1-f178.google.com
marked this as an answer
>I switched to TLS via port 25 (was SSL via port 465). It may have solved the issue for me.
It would not. Im using 25 port with TLS. with the same problem.
marked this as an answer
Just started happening to me too and its been working fine for years using a private domain.
How do I fix it??
marked this as an answer
Same issue here.
Some mails go out as usual (since always 10+ years), others suddenly not at all, only returning with

"The response was:
TLS Negotiation failed, the certificate doesn't match the host. "

Hoping somebody at @Gmail fixes that soon!