Certainly. I can imagine that if a mail server requires starttls it will override the starttls setting but DISCOURSE_SMTP_OPENSSL_VERIFY_MODE
should still be able to prevent an error.
Is anyone able to repro this?
Certainly. I can imagine that if a mail server requires starttls it will override the starttls setting but DISCOURSE_SMTP_OPENSSL_VERIFY_MODE
should still be able to prevent an error.
Is anyone able to repro this?
@Geoffrey_Challen how did you fix it?
Today I have update my forum to 2.9.0.beta4 (c99a6b10fb) and now I have the same error, discourse cannot send emails:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (Hostname mismatch)
I have not changed the configuration of the VPS and email!
My app.yml:
DISCOURSE_SMTP_ADDRESS: smtp.mydomain.info
DISCOURSE_SMTP_PORT: 25
DISCOURSE_SMTP_USER_NAME: info@mydomain.info
DISCOURSE_SMTP_PASSWORD: "mypassword"
DISCOURSE_SMTP_ENABLE_START_TLS: false # (optional, default true)
DISCOURSE_SMTP_DOMAIN: mydomain.info # (required by some providers)
#DISCOURSE_NOTIFICATION_EMAIL: noreply@discourse.example.com # (address to send notifications from)
Tried and nothing changes …
Please now i can’t send emails and i can’t use TLS, what can i do?
Issue this command and see for what hostname the certificate is for
openssl s_client -connect smtp.mydomain.info:25 -starttls smtp -showcerts 2>&1|grep "depth=0"
Replacing smtp.mydomain.info
with the address of your SMTP server of course.
Then try to see if you can reach the SMTP server using that hostname.
Thanks for your help @RGJ
hostname is CN = *.aruba.it
so it’s different from mydomain.info and yes I can reach SMTP server using hostname and telnet.
Everything worked perfectly before ./launcher rebuild app
But… I have DISCOURSE_SMTP_ENABLE_START_TLS: false
why does it keep looking for the certificate?
You can access the host using a name that matches the certificate. You can ask the server administrator to add the host name that your desire to the certificate.
That’s a good question, but you can make its answer moot by following the above advice, or so I think.
Another question, I think, is why did the mail admin break it for you?
Maybe that setting worked before and now it doesn’t. Whether it’s easier to track down that big or change the the hostname and see if that solves your problem is unclear.
No one made any changes, I’m sure, I just did ./launcher rebuild
for install this plugin.
So should I change the hostname of the VPS to something that ends with .aruba.it
?
That’s what it sounds like.
It’s possible that there is a regression that’s caused the issue, but I think that you can solve your immediate issue by changing the hostname
This might help finding the correct one:
dig +short smtp.mydomain.info|xargs -n 1 nslookup|grep name=
Unfortunately it doesn’t work, the error is the same:
SSL_connect returned=1 errno=0 state=error: certificate verify failed (Hostname mismatch)
With version 2.9.0.beta4 (0acbd63320) was working, can I downgrade?
I created a new temporary email account with start tls support, I hope it will be fixed before the 2.9.0.beta5 release.
I followed the advice above and set the hostname to the name on the certificate.
It’s worth noting that, in this case, the problem only seems to have occurred after a laucher-initiated rebuild, rather than merely on an upgrade. Perhaps a problem with the launcher scripts?
Can you please tell me how did you do it?
I’m going crazy, I can’t use SMTP server with port 25 or 587 without SSL and TLS
Thanks
I may not be able to help you then, since my configuration doesn’t require TLS. I think the only thing to do is either use a third-party email provider that provides valid certs, or wait for a fix that allows bypassing this issue.
Did you try Richard’s dig
command to find a hostname for your SMTP server for which it has a certificate?
Mine is also without TLS and SSL
Similar issue here Can't Send Emails - #14 by sukria.
Did something change in the base image or in an external library or gem?
Yes that’s right, it’s the same problem … it started about two weeks ago.
Can you try both
DISCOURSE_SMTP_ENABLE_START_TLS: false
DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none
?
Are the first things I tried but still the same error
SSL_connect returned=1 errno=0 state=error: certificate verify failed (Hostname mismatch)
Hey, I tried it with both the options. It still doesn’t work:
DISCOURSE_SMTP_ADDRESS: REDACTED
DISCOURSE_SMTP_PORT: 25
DISCOURSE_SMTP_USER_NAME: REDACTED
DISCOURSE_SMTP_PASSWORD: REDACTED
DISCOURSE_SMTP_ENABLE_START_TLS: false # (optional, default true)
DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none
DISCOURSE_SMTP_AUTHENTICATION: "login"
I still get certificate verify failed (self signed certificate)
.
For me it has been a blocking bug for a long time …
I recommend you to create a new temporary email address that has SMTP TLS support.