Phpmailer Generates PHP Warning: Stream_Socket_Enable_Crypto(): Peer Certificate Did Not Match Expected

PHPMailer generates PHP Warning: stream_socket_enable_crypto(): Peer certificate did not match expected

I had the same problem and I found the answer in the PHPMailer documentation.

PHP 5.6 certificate verification failure

In a change from earlier versions, PHP 5.6 verifies certificates on SSL connections. If the SSL config of the server you are connecting to is not correct, you will get an error like this:

Warning: stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The correct fix for this is to replace the invalid, misconfigured or self-signed certificate with a good one. Failing that, you can allow insecure connections via the SMTPOptions property introduced in PHPMailer 5.2.10 (it's possible to do this by subclassing the SMTP class in earlier versions), though this is not recommended:

$mail->SMTPOptions = array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    )
);

You can also change these settings globally in your php.ini, but that's a really bad idea; PHP 5.6 made this change for very good reasons.

Sometimes this behaviour is not quite so apparent; sometimes encryption failures may appear as the client issuing a QUIT immediately after trying to do a STARTTLS. If you see that happen, you should check the state of your certificates or verification settings.

PHP Mailer Warning: stream_socket_enable_crypto(): Error

You presumably have this set:

$mail->Host = 'mail.mydomain.com';

but when you connect to that, it actually connects to your ISP's mail host (probably something like mail.mywebhost.com, which presents the *.mywebhost.com certificate), and so of course the name on the server's certificate you've got does not match. The correct solution to this is to change your Host property to use the real name of the mail server, as then the certificate will match, and you will have no mismatch errors:

$mail->Host = 'mail.mywebhost.com';

(you'll need to find out what the exact name should be). For this to work with your own certificate, you would need to be running your own mail server on its own IP, something you're not likely to get on shared hosting.

An alternative workaround also described in the troubleshooting guide is to disable certificate validation (as pre-5.6 PHP did) - but you should not do that. You know why this is failing, so you should fix it properly, not simply suppress the error.

Related Topics