HelioHost Posted August 28, 2025 Posted August 28, 2025 Username: joyusecommerce, Server: Johnny, Main domain: yieldandco.helioho.stHi HelioHost, I?m following up on a support request originally submitted via your public forum, which has now gone unanswered for 24 hours. The issue is blocking our CRM integration and affecting secure mail connectivity for yieldandco.com. Forum thread: https://helionet.org/index/topic/65447-hubspot-crm-connection/ Summary of Issue - I?ve reissued the Let?s Encrypt certificate for yieldandco.com and confirmed it?s valid. - However, the mail endpoint (mail.yieldandco.com) is still serving an incorrect or fallback certificate of johnny.heliohost.org. - HubSpot CRM is attempting to connect via IMAP/SMTP and failing due to TLS handshake errors and certificate mismatch. - SSL Labs flags the endpoint with a B grade, capped due to deprecated TLS versions (1.0 and 1.1), and shows additional issues: - Unreachable IPv6 endpoint (2001:470:1:1ee:0:0:0:2009) - Broken session resumption - Weak cipher suite prioritization - No DNS CAA record - CRL validation error - SNI fallback failure for legacy clients What Needs Immediate Attention - Bind the correct certificate to the mail endpoint (mail.yieldandco.com) - Restart Apache and Dovecot/Postfix to apply the cert to ports 465 and 993 - Ensure the cert includes both yieldandco.com and mail.yieldandco.com in the SAN - Disable TLS 1.0 and 1.1 to remove the grade cap and improve client compatibility - Confirm that HubSpot?s IPs are not blocked due to failed handshake attempts I?ve held off CRM integration to avoid triggering rate limits or further handshake failures. The server has restarted multiple times today, which suggests someone is working on it?but without communication, I can?t confirm progress or safely resume integration. Please escalate this to a senior technician and provide a status update. I?m happy to share the full SSL Labs diagnostic report if needed. Warm regards, Joyce Yield & Co.
Krydos Posted August 28, 2025 Posted August 28, 2025 Use johnny.heliohost.org for the IMAP host, POP3 host, and SMTP host.
joyusecommerce Posted August 28, 2025 Posted August 28, 2025 Since I have attempted Hubspot, Zoho and Bitrix24 to allow access even using the hostname of johnny.heliohost.org to no avail, they all have an issue with the SSL not matching the domain name of yieldandco.com. With this limitation, I will need to house emails elsewhere. I have already changed the nameservers back to Porkbun. What DNS records will I need to incorporate to house just the website on HelioHost?
Krydos Posted August 28, 2025 Posted August 28, 2025 Have you tried checking this box and clicking "Secure mail"? Please note, that the image won't show up in your email so you'll need to click the link below to view the image on the forum.
joyusecommerce Posted August 28, 2025 Posted August 28, 2025 Thanks for your time. I’ve secured the mail layer via Plesk and fully reissued the SSL certificate for yieldandco.com. During the reissue, I made sure to check all available boxes—including coverage for both webmail and mail services—to ensure complete domain-level protection. Despite that, the issue persists due to a mismatch between the certificate domain and the server hostname. The certificate is valid for yieldandco.com, but the server is identifying itself as johnny.heliohost.org. This discrepancy is causing the CRM’s email integration to fail during SSL validation. It’s the same mismatch flagged in the SSL Labs report, which I’ve reviewed in detail—though the full output exceeds the attachment size limit. In the meantime, I’ve already initiated the nameserver change back to Porkbun—so I can route email independently. This allows me to begin propagation and make necessary changes today. I’d prefer to move email back to HelioHost once the SSL and routing issues are resolved, but I needed the propagation window to begin so I can keep things moving. To that end, I’d appreciate it if you could provide the necessary DNS details—such as the correct A record or IP address—so I can continue hosting the website on HelioHost while managing email routing externally. Also, could you confirm whether HelioHost supports SNI? If so, I’d like to understand how to configure the server to present the correct domain-specific certificate during the TLS handshake. That would likely resolve the mismatch and restore integration. Thanks again for your support—I’m happy to provide any additional logs or test results if helpful.
Krydos Posted August 28, 2025 Posted August 28, 2025 You can find the IPv4 for the A record in Plesk on the Websites & Domains tab.
Recommended Posts