Sorry for another redundant question, as I can see there are many similar support requests to this, eg: Email Notifications Failing after Update , but our error message is slightly different:
“certificate verify failed (unable to get local issuer certificate)”
which I can see on GitHub affects sidekiq - is it being more picky suddenly? I am also addressing this with our mailrelay, but if I can give them more specific information on how to fix this, or if it’s on my forum’s side (https://forum.solarfarmer.dnv.com/) then that would help us trouble shoot faster.
but it doesn’t show any other domains, it just says the same error as sidekiq: “unable to get local issuer certificate” and a bunch of other stuff. I tried changing the app.yml mail settings to and back to our mail relay, and running ./launcher rebuild app each time, but so far nothing works.
hostname in the certificate is different than the hostname you’re connecting to
no certificate at all
It looks like you are experiencing the latter one. The only resolution is to make sure you have a correctly configured SMTP server, supporting STARTTLS and with a correct certificate.
Thanks @RGJ - but why did this issue only begin after upgrading to version 2.9.0? Is it because STARTTLS is being stricter about enforcing this requirement. Nothing has changed for our mail relay or in the app.yml mail configuration. The site’s IP is whitelisted with the mail relay which is maintained by the IT department. I don’t have any control over it. The site CNAME is also controlled by our IT department. They do have different domains, the CNAME is “dnv.com” and mail relay is “dnvgl.com” is that part of the issue? I am pursuing this in parallel with our IT department, but trying to give them as much info as I can. I apologize for my ignorance, a lot of this is way over my head, so I may be using incorrect terms. Sorry
Our IT dept says, “there’s nothing wrong with certificates [for the mail relay] all are active and properly configured to be used with smtp service. Second - I haven’t heard of any problems from any other services/clients that are using this mail relay.”
IT has created a new email account using office365 onmicrosoft, but I am still having issues. Now I get either ReadTimeout or SMTPAuthenticationError: Unrecognized authentication type
my current config:
DISCOURSE_SMTP_ADDRESS: smtp.office365.com
DISCOURSE_SMTP_PORT: 587
DISCOURSE_SMTP_USER_NAME: myusername
DISCOURSE_SMTP_PASSWORD: "mypassword" # are quotes needed?
DISCOURSE_SMTP_ENABLE_START_TLS: true # is this right?
DISCOURSE_SMTP_DOMAIN: outlook.com
DISCOURSE_NOTIFICATION_EMAIL: myusername@mycompany.onmicrosoft.com
@RGJ I want to thank everyone for their help. I finally, finally have this resolved. The tweak for office365 is to use DISCOURSE_SMTP_AUTHENTICATION: login.
And the username is the full email address at the organization using office365, usually myaccount@mycompany.onmicrosoft.com. This may or may not be the same as your notification email.
We are experiencing the very same issue here with a PROPERLY configured SMTP server used by dozens of other services. The SMTP server employs a wildcard certificate issued byt Let’s Encrypt.
The error says:" (unable to get local issuer certificate)"
make sure your domain matches the certificate returned from openssl if any. Also check this thread “Email Hostname Cert Mismatch Causing sidekiq…” linked above
Also the email trouble shooting guide helped me a lot. I had to read it very closely several times to get what I needed. Maybe you will find something there?