cancel
Showing results for 
Search instead for 
Did you mean: 

TLS error with relay.force9.net

PaulF9
Newbie
Posts: 2
Registered: ‎02-09-2021

TLS error with relay.force9.net

I use Gmail as a client to send email through the force9 servers, but as of today I am getting certificate errors when trying to send through relay.force9.net.

The error is

 

"TLS Negotiation failed, the certificate doesn't match the host."

 

I'm not certain I am checking it correctly, but when using openssl to test the cert (openssl s_client -showcerts -connect relay.force9.net:587 -starttls smtp) I am not seeing a CN or SAN for relay.force9.net, only for relay.plusnet.net.

Is it just me seeing these errors or is there a certificate problem?

Openssl output:

 

CONNECTED(00000003)
depth=0 CN = relay.plus.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = relay.plus.net
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=relay.plus.net
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
-----BEGIN CERTIFICATE-----
MIIG0zCCBbugAwIBAgIIG5h4GmKtyOQwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow
GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRz
LmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1
cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMjEwOTAyMTAxNjQ5WhcN
MjIwOTAyMTAxNjQ5WjAZMRcwFQYDVQQDEw5yZWxheS5wbHVzLm5ldDCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBANBPsHgbgQj8eVJYinNGZSXyCO5+0bah
uEOAXBekxei1cppZBqgj+HJibI4eIYqCO+ApLbLzQML/o9ZUlKfkHEzhW/6ZycQr
92WXESDxYR2nEwObSFcX3e+eDQFVJ4mZykCSoZjRnA7r2bkM/oSX1XAp5/i1Z0Fr
YNH59rLH85HF47W8+VQ0IcsCqmq+485w8C3X9nRO7wNVogbKeyDoRQ4T8bx1KUR/
UTDZQM1TvnZm9FrYtpnsaooStVzIy1LK5TxoNHiLryqYfDxLyfZ9D9Wse5M+/LP2
WpVoH7hTzQVb6GUjNY4+JtLycLdRiNxXXECo9UOjaGkmALd/qAqrag0CAwEAAaOC
A4EwggN9MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMA4GA1UdDwEB/wQEAwIFoDA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vY3Js
LmdvZGFkZHkuY29tL2dkaWcyczEtMzI1Ny5jcmwwXQYDVR0gBFYwVDBIBgtghkgB
hv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFk
ZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQRqMGgwJAYI
KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0
aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcy
LmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjBsBgNVHREEZTBj
gg5yZWxheS5wbHVzLm5ldIISd3d3LnJlbGF5LnBsdXMubmV0ghRyZWxheS5tZXRy
b25ldC5jby51a4IVcmVsYXkuZnJlZS1vbmxpbmUubmV0ghByZWxheS5mb3JjZTku
bmV0MB0GA1UdDgQWBBTal8+bASFBp7d50l/CadDI2X1ljjCCAX0GCisGAQQB1nkC
BAIEggFtBIIBaQFnAHYAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QA
AAF7pgLzFAAABAMARzBFAiBKCWV5K2obqy/mPu3NQ7fn01AYGuOHMJ8sLjW0Qm6e
JAIhALFlhtUUAS90A/BmFgTu+UXXRtOZI+dV2lmMmkNerFg9AHYAQcjKsd8iRkoQ
xqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF7pgL0xgAABAMARzBFAiEAgl6xWoQL
0rtu+HrcDWXnJIUERU/R3FkPBEFjq4/yuukCIG9rVbiW9fEjlkkUFNs9qwGMt5EQ
xBbcVwf2b4IcoDiYAHUA36Veq2iCTx9sre64X04+WurNohKkal6OOxLAIERcKnMA
AAF7pgL1wAAABAMARjBEAiAwFh23QhJnW8rKGuVOevWd2lmRvv0eT+mdhCIRT7Gb
IAIgCp1uwwMxEga9EXG89ni40Vm7LudMuM5LvjajQrJOG2QwDQYJKoZIhvcNAQEL
BQADggEBAImDRTZeJTFEWnZzVFZcXLMeKqR3Hf1jA0oOkENy3BZAOzllygE/DUNs
lTDE9SAnVPdF4LuAB6GwsyksDpwt9WSejTtFatvidziPTocyt0NxyCfbbjfTs4QS
l0pIAwomse5s9LOD+3BdAYOf/O7UVC8r+Kk+GCcVI8pqqy6gRCNS2dlDdFLvZVC2
LO4pZ56Ptu/VhNcCasdjKgd8rajOFFAoju1qfsxvn5cN73EBDu7yj4tdjevDX2Ac
ppKRovWsc2fjwW9eFSWUJwivzcFSwOlQ2idSbfm4kwwj0GjTC+7Vgwqe6QlsjXRB
gWcvWfiMiJFbz1eRBc1wx2qeabEwqsc=
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=relay.plus.net
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2631 bytes and written 335 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 13D22EB19C0625ECC52882AE098FAC15C5230219239CBDA8FACB3A0D172B5DA9
    Session-ID-ctx:
    Master-Key: 4A7E4DC58D6FF670B604C0AEA5877095E751AD5EEE74617803A50236BE45F17647D179F5FF3AF87E8752D84D7E642F88
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 33 c7 c9 fa 34 0c b2 a0-f1 91 a2 aa f6 6c d5 b3   3...4........l..
    0010 - 18 79 77 f3 dd b3 f0 4e-ba ff 5a e1 81 e3 7d 58   .yw....N..Z...}X
    0020 - 00 fb f4 1c 27 68 9a 71-2f 56 6b d2 8a 8d 33 43   ....'h.q/Vk...3C
    0030 - 17 0b e0 22 56 40 46 c7-3f d2 e6 d8 3b af 6e 4b   ..."V@F.?...;.nK
    0040 - 3a 49 99 4a 4a 48 95 e6-1e 0c 79 58 c7 7a f3 c6   :I.JJH....yX.z..
    0050 - 68 63 f1 7c 1b e9 4a bc-1b 07 0f c9 4b c6 2a 46   hc.|..J.....K.*F
    0060 - 0d 16 80 ea 0f 75 6f 95-da ae ff c6 0c 71 4d 42   .....uo......qMB
    0070 - 33 3c af 41 d7 43 25 bf-d8 af 98 ba 6a 96 06 5e   3<.A.C%.....j..^
    0080 - ef ae 97 54 3e e5 27 51-2f 61 af 6c 50 c8 fa f6   ...T>.'Q/a.lP...
    0090 - 68 87 5a ee 19 1a 3c 3a-e5 34 84 d5 ef 1b 0e ea   h.Z...<:.4......

    Start Time: 1630608307
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
---
250 OK
read:errno=0

 

4 REPLIES 4
dvorak
Moderator
Moderator
Posts: 29,701
Thanks: 6,588
Fixes: 1,485
Registered: ‎11-01-2008

Re: TLS error with relay.force9.net


Moderators Note


This topic has been released from the automated spam filter.

Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
BD
Plusnet Alumni (retired)
Plusnet Alumni (retired)
Posts: 1,359
Fixes: 86
Registered: ‎24-04-2017

Re: TLS error with relay.force9.net

Hi @Paul9, thanks for getting in touch and I'm sorry to hear you're having issues when trying to send mail recently. Looking online I can see the error message you're getting could be due to SSL settings on your client. I'd advise then making sure SSL is turned off as some updates can result in this being enabled.

On top of this, as to make sure the settings your client is using are correct:
If your email client is set up as POP3 then you'd need the incoming server: http://mail.force9.net (with the port number being 110)
If your email client is set up as IMAP then you'd need the incoming server: http://mail.force9.net (with the port number being 143)
The outbound server details needed are: http://relay.force9.net (with port 25 or 587)
If there's a username asked this would solely be the username for your account.
If there's an email field this would be in the format of: mailboxname@username.force9.co.uk

Hopefully this helps in confirming the details your current email client is using are correct. Should you continue to see issues after checking over these settings then please do get back to us and we'll happily investigate further.

PaulF9
Newbie
Posts: 2
Registered: ‎02-09-2021

Re: TLS error with relay.force9.net

Thanks, but it wasn't any of those things. It was the certificate problem on relay.force9.net, as described in another chain here. It is all working again now though, so thanks to whoever renwed the cert.

LaurenB
Plusnet Help Team
Plusnet Help Team
Posts: 2,577
Thanks: 491
Fixes: 131
Registered: ‎07-12-2017

Re: TLS error with relay.force9.net

Hi @PaulF9, thanks for getting back to us. I'm pleased the issue is now sorted and please just get back to us should you have any further queries.

If this post resolved your issue please click the 'This fixed my problem' button
 Lauren Barry
 Plusnet Help Team