Possible bug with mail: certificate verify failed (unable to get local issuer certificate)

Set up a Discourse install on a new server and had issues with mail (certificate verify failed (unable to get local issuer certificate)) even though I could send/receive email from the same address via my Mac and iPhone (without it complaining about certs or anything like that).

Tested using the guide here: How to Test SMTP AUTH using Telnet again which passed: 235 2.7.0 Authentication successful.

In the end I added this to app.yml following @Falco’s post in another thread:

  DISCOURSE_SMTP_ENABLE_START_TLS: false
  DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none

But it still feels like a bug as the same email with the same credentials is working fine elsewhere, so thought I’d post here just in case.

The error you’ve seen is related to the mail protocol and isn’t address specific. For some reason your Discourse instance isn’t negotiating a TLS connection with the destination mail server. You’ve fixed it by turning off TLS negotiation during the mail sending connection.

When you’re using your phone that’s probably sending the messages through a different server, or if it’s the same destination server then the phone is able to negotiate TLS correctly.

2 Likes

Any ideas how we can troubleshoot this Chris?

Both Mac and iPhone have been configured to use the same mail.domain server to send mail, and following the test was successful (though I am not sure how closely that replicates what Discourse is doing).

If your clock is way off then certs can appear expired when they are not. It could be that the SSL libraries used by your mail provider are incomplete.

Clicking the “disable security” button is never recommended.

1 Like

Time on the server is correct Sam. Which SSL libraries does Discourse need the mail server to have?

The thing that makes this odd is that (Apple) Mail is usually very quick to warn of issues, yet the same emails work fine on my Mac.

The only other thing I can think of is DNS propagation because this is a new server and the email host was slightly different on the old server (but the email is being hosted on the same server as the forum so not convinced this would be the issue).

1 Like

Thanks Sam! Sorted!

For some reason I had forgotten to configure chain.pem in Postfix :smiling_face:

1 Like
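
One way to confirm the cause found at the end of this thread (a mail server that sends its leaf certificate without the intermediate chain), as an added example that is not from any poster or from Discourse: it parses the `Certificate chain` section of `openssl s_client -starttls smtp -connect <host>:587` output and names the issuer the server did not send. The sample outputs, the `mail.example.com` host, the CA names and the `parse_chain`/`diagnose` helpers are all constructed for illustration.

```python
import re

# Constructed sample: s_client output from a server that sends only its leaf
# certificate (the situation before chain.pem was configured in Postfix).
SAMPLE_LEAF_ONLY = """\
---
Certificate chain
 0 s:CN = mail.example.com
   i:C = US, O = Example CA, CN = Example Intermediate R1
---
Verify return code: 21 (unable to verify the first certificate)
"""

# Constructed sample: the same server once the intermediate is served as well.
SAMPLE_FULL_CHAIN = """\
---
Certificate chain
 0 s:CN = mail.example.com
   i:C = US, O = Example CA, CN = Example Intermediate R1
 1 s:C = US, O = Example CA, CN = Example Intermediate R1
   i:C = US, O = Example CA, CN = Example Root X1
---
Verify return code: 0 (ok)
"""

def parse_chain(output):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    subjects = re.findall(r"^[ \t]*\d+[ \t]+s:(.+)$", output, re.M)
    issuers = re.findall(r"^[ \t]+i:(.+)$", output, re.M)
    return [(s.strip(), i.strip()) for s, i in zip(subjects, issuers)]

def diagnose(output, trusted_roots):
    """Name the first issuer that is neither sent by the server nor a trusted root."""
    chain = parse_chain(output)
    if not chain:
        return "no certificate chain found in output"
    sent = {subject for subject, _ in chain}
    for subject, issuer in chain:
        # A link is fine if it is self-signed, served by the peer, or a known root.
        if issuer == subject or issuer in sent or issuer in trusted_roots:
            continue
        return f"missing from served chain: {issuer}"
    code = re.search(r"Verify return code: (\d+)", output)
    if code and code.group(1) != "0":
        return f"chain links up, but verify return code is {code.group(1)}"
    return "chain complete"
```

`trusted_roots` is the set of root subject names the client is assumed to trust; a client that only has those roots cannot build a path when an intermediate is missing from what the server sends.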
