POP3 Polling SSL Issue

Doing a regular check of the logs on a production Discourse I noticed the Poll Mailbox job was failing with this error:

Job exception: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)

Some relevant notes:

  • This instance is a standard Discourse installation on Digital Ocean with a LetsEncrypt certificate. There’s nothing else on the server.
  • Pop3 email importation has been working on it without any issues for a number of months.
  • There’s no indication of any issues on the gmail side (i.e. suspcious sign-in etc)

There is an interesting topic here that mentions the same error, but it seems that that concerns an installation that actually has a self signed certificate: Reply by email SSL self signed certificate error.

The relevant site settings were:

pop3 polling enabled: true
pop3 polling ssl: true
pop3 polling openssl verify: true
pop3 polling period mins: 5
pop3 polling host: pop.gmail.com
pop3 polling port: 995
pop3 polling username: // a gmail username
pop3 polling password: // a gmail password
pop3 polling delete from server: true

I initially tried toggling pop3 polling enabled, but this did nothing (and no errors were returned). I also rebuilt the container. Finally, I changed pop3 polling openssl verify to false and the Poll Mailbox job now works again.

I’m not sure what to make of this atm, but thought I might report it for now.

As a side note, if the Poll Mailbox job is failing it might be good to log it somewhere in the admin UI, as a “silent” failure there, and a failure to import messages, can cause a bit of an issue.

3 Likes

I’m seeing the same problem on one of my sites. I’m having a look…

2 Likes

This was caused by an incompatibility between TLS 1.3 and Ruby. I’ve committed a workaround and will try to get this fixed upstream.

And I agree, we should show all POP3 errors in the admin dashboard, not just timeouts and auth errors. I’ll fix that as well.

8 Likes