I moved my WordPress shared-hosting site to the free version of CF a week ago and everything was working fine for the past week. Yesterday, however, I’m no longer able to send out emails from that domain, but I can receive emails fine. When sending emails, they won’t go through and I get this error:
“TLS Negotiation failed, the certificate doesn’t match the host.”
I went to my website’s cPanel to check the certificates and saw this certificate error on my site from yesterday, which is when the problem started:
An error occurred the last time AutoSSL ran, on January 10, 2022:
DNS DCV: No local authority: “MYDOMAIN.com”; HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.
Any ideas on how to fix this? I believe when I set the site up on Cloudflare that I selected the option for CF to resolve HTTP/HTTPS issues. Could that be causing the problem?
Without knowing the domain, we can’t offer specific advice.
Rule of thumb is that any hostname involved in email connections needs to be DNS Only. Typically this would be a hostname of mail.example.com, and all your mail clients need to be configured to send and receive through that hostname.
Thanks for the advice. Yes, the email is set to DNS Only, and all the emails worked fine for the first week.
I did figure out the problem. Basically my website’s Auto SSL runs periodically to renew the TLS and SSL certificates for the website and its email. Apparently, running the website through Cloudflare complicated things and when the Auto SSL feature (found on cPanel) ran a couple days ago, it came up with an error and didn’t renew the certificates. I’m not a techie and am new to CF, so maybe I’m not understanding it right, but I’m thinking that CF may have its own certificates that conflicted with the ones my site would normally issue?
To fix, I had to stop my website from running through CF, and then I reran the Auto SSL feature. Then it renewed my site’s certificates properly and my emails began working correctly again.
Are there any fixes so I can run the site through CF again and not have the certificate problem?
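Added example, not part of any post in this thread: the AutoSSL error above says HTTP DCV forbids redirections, so one way to check that condition is to request the validation directory over plain HTTP without following redirects and look at the status and Location header. The probe path, function names and verdict strings are assumptions made for this sketch; the real validation file name is generated per request.

```python
import http.client
import sys

# Assumption: directory commonly used for HTTP file-based DCV. The file name
# here is a placeholder, so a 404 (with no redirect) is the expected answer.
DCV_PATH = "/.well-known/pki-validation/probe.txt"
REDIRECT_CODES = (301, 302, 303, 307, 308)


def probe_http_dcv(host, port=80, path=DCV_PATH, timeout=10):
    """GET the DCV path over plain HTTP; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "dcv-probe"})
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        status = resp.status
        location = resp.getheader("Location")
        server = resp.getheader("Server")
    finally:
        conn.close()
    redirected = status in REDIRECT_CODES
    to_https = bool(redirected and location
                    and location.lower().startswith("https://"))
    return {"status": status, "location": location, "server": server,
            "redirected": redirected, "to_https": to_https}


def explain(result):
    """Turn a probe result into a one-line verdict for the DCV check."""
    if result["redirected"]:
        kind = "HTTP-to-HTTPS" if result["to_https"] else "HTTP"
        return "FAIL: %s redirect (%d) to %s; a validator that forbids " \
               "redirections will reject this" % (
                   kind, result["status"], result["location"])
    if result["status"] in (200, 404):
        return "OK: status %d with no redirect on the DCV path" % result["status"]
    return "CHECK: unexpected status %d (Server: %s)" % (
        result["status"], result["server"])


if __name__ == "__main__":
    # Usage: python dcv_probe.py example.com
    print(explain(probe_http_dcv(sys.argv[1])))
```

Run it against the bare domain and the www hostname, once with the proxy enabled and once with it off, and compare the verdicts with the AutoSSL log.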