Wildcard Certificate
Hosted CanIt offers MX records using this format:
Domain Preference MX Host example.com 10 example-com-mf.canit.ca. example.com 20 example-com-mg.canit.ca. example.com 30 example-com-mh.canit.ca. example.com 40 example-com-mi.canit.ca.
Hosted CanIt's servers have SSL certificates with Subject: CN = *.canit.ca. This is known as a wildcard certificate (or more properly a certificate with a wildcard subject name). An important limitation of wildcard certificates is that they only apply to the one level. *.canit.ca will match domain.canit.ca but not sub.domain.canit.ca.
MX Record Updates
In early days of Hosted CanIt we provided domain names with a dot separator instead of a dash separator as above.
For example, example.com.mf.canit.ca instead of example-com-mf.canit.ca.
As a result, some of our customers may still have their MX records published in the old format rather than the new format. Additionally, the difference may be hard to spot when troubleshooting certificate errors.
Certificate Errors
If the certificate doesn't match, you may see an error like this:
SSL verify error: certificate name mismatch: DN="/CN=*.canit.ca" H="example.com.mf.canit.ca.
... or perhaps even the less explicit SSL verify error: certificate name mismatch without the extra detail.
If you see this error, check the MX records first to ensure you don't have a case of dots versus dashes, as this is a likely cause.
Before contacting Roaring Penguin Technical Support, please check for this. Additionally, if you need to contact support, provide as much relevant detail as you can, including any bouncebacks, error messages from logs as above, or details from a specific email related to the error -- sender, recipient, subject, approximate date and time.
