- Plesk for Linux
Outgoing mail delivery to Gmail accounts (or to other servers that have SSL enabled and are configured with a valid certificate) fails with an error in
from=<email@example.com>, size=666, nrcpt=1 (queue active)
certificate verification failed for gmail-smtp-in.l.google.com: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Note: There may be another address of Gmail's SMTP server, like
. This solution is valid for any cases where messages contain
Certificate Authority (CA) certificate is missing in
The server does not trust valid CAs.
Connect to the server via SSH.
Make sure that the file /etc/pki/tls/certs/ca-bundle.crt exists (it contains information about valid CAs):
# ls -l /etc/pki/tls/certs/ca-bundle.crt
lrwxrwxrwx. 1 root root 49 Apr 8 00:59 /etc/pki/tls/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
Update the OpenSSL package, if possible, to get a fresh version of the CA bundle:
# yum update openssl
# apt-get install --only-upgrade openssl
- Add the smtp_tls_CAfile line to the /etc/postfix/main.cf file as shown below:
# grep smtp_tls_CAfile /etc/postfix/main.cf
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
- Restart the Postfix daemon to apply the changes:
# /etc/init.d/postfix restart
Stopping postfix: [ OK ]
Starting postfix: [ OK ]
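A check to run after the steps above, given here as an added example that is not part of the original article. It confirms that smtp_tls_CAfile in main.cf resolves to a readable bundle that actually contains certificates. The function name check_smtp_cafile and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify that Postfix's smtp_tls_CAfile points at a usable CA bundle.
# check_smtp_cafile is a hypothetical helper, not a Postfix or Plesk tool.
# It reads main.cf directly; on a live server `postconf -h smtp_tls_CAfile`
# prints the value Postfix has actually loaded.
# Return codes: 0 = ok, 1 = parameter not set,
#               2 = file missing, dangling symlink or unreadable,
#               3 = file contains no PEM certificates.
check_smtp_cafile() {
    main_cf=${1:-/etc/postfix/main.cf}
    [ -r "$main_cf" ] || { echo "cannot read $main_cf" >&2; return 2; }

    # A parameter line starts in column 0 (indented lines are continuations,
    # '#' lines are comments). Postfix keeps the last definition, so do we.
    cafile=$(awk '
        /^smtp_tls_CAfile[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)   # drop "name ="
            sub(/[ \t]+$/, "", v)         # drop trailing blanks
            last = v
        }
        END { print last }' "$main_cf")

    if [ -z "$cafile" ]; then
        echo "smtp_tls_CAfile is not set in $main_cf" >&2
        return 1
    fi

    # -e follows symlinks, so a link such as ca-bundle.crt -> tls-ca-bundle.pem
    # fails here when its target has been removed.
    if [ ! -e "$cafile" ] || [ ! -r "$cafile" ]; then
        echo "CA bundle $cafile is missing, a dangling symlink, or unreadable" >&2
        return 2
    fi

    # grep -c exits non-zero on zero matches but still prints 0.
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$cafile" || true)
    if [ "$count" -eq 0 ]; then
        echo "CA bundle $cafile contains no PEM certificates" >&2
        return 3
    fi

    echo "$cafile: $count CA certificate(s)"
    return 0
}
```

Source the file and call `check_smtp_cafile` with no argument to test /etc/postfix/main.cf, or pass another main.cf path.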