- Plesk for Linux
Outgoing mail delivery to Gmail (or other servers which has SSL enabled and configured with valid certificate) accounts fails with error in
from=<email@example.com>, size=666, nrcpt=1 (queue active)
certificate verification failed for gmail-smtp-in.l.google.com: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Note: There may be another address of Gmail's SMTP server, like
. This solution is valid for any cases where messages contain
Certificate Authority (CA) certificate is missing in
The server does not trust valid CAs.
Connect to the server via SSH.
Make sure that file
/etc/pki/tls/certs/ca-bundle.crtexists (it contains information about valid CAs).
Update OpenSSL package if possible in order to get fresh version of CA bundle.
/etc/postfix/main.cffile as shown below:
# grep smtp_tls_CAfile /etc/postfix/main.cf
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
Restart postfix daemon to apply the changes:
# /etc/init.d/postfix restart
Stopping postfix: [ OK ]
Starting postfix: [ OK ]