Self hosted Reply by Email stopped working after latest update

That’s the IP of the droplet, which is running the mail-receiver.

nzarchitecture.net.nz. 2727 IN A 159.65.140.176

It’s been changed in the last 5 months.

I know what is going on. It’s that @#$($($* LetsEncrypt thing again that broke half the internet many things on Sept 30.

Just rebuild the mail receiver Docker.

6 Likes

Hahahahaha, yes. I forgot about that. LOL

3 Likes

You got to follow the topic that @RGJ posted.

That should fix your issue.

4 Likes

Ah, ok. That sounds promising!
How do I rebuild ‘mail receiver docker’? Is this different to the rebuilding of ‘docker manager’ that happens when updating the forum via dashboard?

Do I just follow this? How do I manually update Discourse and Docker image to latest? - howto / admins - Discourse Meta

You need to log in to the command line side of your site.

It’s not via the forum admin dashboard.

Hi, I was able to rebuild mail receiver docker using instructions at that link Direct-delivery incoming email for self-hosted sites - howto / sysadmin - Discourse Meta

Had to upgrade / resize my Digital Ocean droplet to do it, as even after deleting all backups etc stored on host, there was not enough disk space to do a rebuild

After rebuild, I was able to send that message to staff@nzarchitecture.net.nz - and the forum log this time acknowledged it.
However when I try to reply by email to an existing topic of the forum that I have been notified about, while the incoming messages are now acknowledged, none appear on the forum, and all get Mail Delivery Failure warnings in email log.

Incoming messages are not appearing in Bounced Email log, but do all appear in Rejected Email log with warning [Email::Receiver::BadDestinationAddress] - including my own administrator email account which I would hope does not suddenly have a bad destination address

Have you rebuilt your mail receiver lately?

3 Likes

Yes - did that about half an hour ago, which resulted in the post above.
I have just now done another full rebuild, and (touch wood) things seem to be working again

1 Like

Could be that force https was not set and the rebuild fixed it.

1 Like

Actually I had just spotted a warning about exactly that in dashboard, and so clicked the handy provided link to appropriate setting and ticked the box.

I had not realised that force https was mandatory for receiving incoming email

Just possible that lack of enforced https has also been causing issues with using Facebook login - I have recently been notified by Facebook that my site was in breach of their terms of service and has been suspended. There were no action items in my Facebook apps developer control panel, so I appealed, and the response was that they could not verify the site due to an unspecified error generated by my forum url.

1 Like

It seems ticking the ‘force https’ box has not helped at all with Facebook login. Facebook tech support are still saying the site landing page generates a ‘your connection is not private
NET::ERR_CERT_COMMON_NAME_INVALID’ security warning for them.

The issuer of the certificate, per the error page, is shown as ‘R3’ - which a Google search suggests is related to Let’s Encrypt - the same people whose certificate expiry triggered the need to rebuild Discourse installation.

Is this a coincidence? Does this suggest the latest Discourse build (2.8.0 beta 7) still has a certificate problem? Or is this an unrelated issue to do with hosting/Digital Ocean?

My own blundering Google research has led me to test my url using https://www.whynopadlock.com/, which results led me to this post by a Let’s Encrypt user

Let’s Encrypt recently updated its intermediate certificate from “Let’s Encrypt Authority X3” to “R3”.

If you use a well-behaved ACME client, it would have automatically started using the new intermediate at your last renewal. You shouldn’t have noticed any difference.

In your case, perhaps you have been hardcoding the intermediate certificate. If that’s the case, you’ll need to use the new intermediate, which you can find on Chain of Trust - Let's Encrypt : https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem

Is the current version of Discourse perhaps wrongly ‘hardcoding the intermediate certificate’?

Are ‘intermediate certificates’ something that Discourse administrators are now required to manage? And if so, how?

Please let me know if I am now off topic - I am not sure if part of the same issue or not.

Your certificate chain is fine. The LetsEncrypt root certificate expiration led to many small issues worldwide. This is one of them. It’s up to FB to fix this, they are seeing a false negative.

3 Likes
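
As an added example (not part of the thread and not Discourse code): the check behind the NET::ERR_CERT_COMMON_NAME_INVALID warning quoted above compares the requested hostname with the certificate's subjectAltName entries and does not depend on the issuer name such as R3. The two certificate dicts are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the `example.org` names are placeholders.

```python
# Added example: the hostname check behind NET::ERR_CERT_COMMON_NAME_INVALID.
# CERT_SINGLE and CERT_WILDCARD are constructed samples shaped like the dict
# returned by ssl.SSLSocket.getpeercert(); example.org names are placeholders.

CERT_SINGLE = {
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
    "subjectAltName": (("DNS", "forum.example.org"),),
}
CERT_WILDCARD = {
    "issuer": ((("commonName", "R3"),),),
    "subjectAltName": (("DNS", "*.example.org"), ("DNS", "example.org")),
}


def dns_names(cert):
    """DNS entries of subjectAltName, lowercased (modern browsers ignore the subject CN)."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, host):
    """Compare one SAN entry with a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # '*' must be the whole leftmost label and leave two fixed labels
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def check_host(cert, host):
    """Report the issuer CN and whether any SAN entry covers the host."""
    issuer = next((v for rdn in cert.get("issuer", ())
                   for k, v in rdn if k == "commonName"), None)
    names = dns_names(cert)
    covered = any(name_matches(n, host) for n in names)
    return {"host": host, "issuer": issuer, "names": names, "covered": covered}


if __name__ == "__main__":
    for cert, host in [(CERT_SINGLE, "forum.example.org"),
                       (CERT_SINGLE, "www.forum.example.org"),
                       (CERT_WILDCARD, "a.b.example.org")]:
        r = check_host(cert, host)
        verdict = "ok" if r["covered"] else "name mismatch"
        print(f'{host}: issuer={r["issuer"]} names={r["names"]} -> {verdict}')
```

To run the same check against a live site, pass the dict from `getpeercert()` on a connected TLS socket in place of the sample dicts.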

Once you fix the ssl cert problem, get them to review the case and then they will enable your app again.

1 Like

Problem is, there is nothing to fix on forum side of things.

Thanks guys!
I am throwing that SSL A+ report and explanation back at Facebook.

3 Likes

That sounds like an issue on their side with the update to the root certificate. And the people who check don’t have enough tech sense to know that.

1 Like

This topic is also relevant.