Project

General

Profile

Email sending error - issue with self signed certs

Added by Zs Vizi 6 months ago

Hi everybody!

I'm trying to set up a redmine server, with the "official" docker image on dockerHub. It is more or less working (I could successfully import all old data from our old redmine server), but I cannot make the email working.

The email server is on the same computer (some else maintains it, I cannot change the settings of it nor see logs), it can be accessed on localhost:25, with no login. The mail server uses a self-signed certificate, and it seems that this is the root of my problem. Here's an example email config (note: the address is due to docker's network handling):

production:
delivery_method: :smtp
smtp_settings:
openssl_verify_mode: "none"
address: "host.docker.internal"
port: 25

This way I get the following error:
An error occurred while sending mail (454 4.7.1 <xxx@yyy.com>: Relay access denied )

If I set anything in the config file about SSL (set_starttls_enable, ssl...etc), I immediately get this error message:
An error occurred while sending mail (SSL_connect returned=1 errno=0 peeraddr=x.x.x.x:25 state=error: certificate verify failed (self signed certificate))

I tried to look for a solution online, since I've been trying for about a week with different approaches, settings, networking. I only found a few forum posts about this exact problem (redmine with self signed certs), none of them had answers, but most of them imply that newer redmine versions don't support self signed certs (see the error message above).

Has anyone any idea how to alter the config, or is it even possible?

My system:
OS: Debian 11 /though it doesn't really matter/

Redmine version: 5.0.2.stable
Ruby version: 3.1.2-p20 (2022-04-12) [x86_64-linux]
Rails version: 6.1.6
Environment: production
Database adapter: Mysql2

MySQL version:: mysql Ver 14.14 Distrib 5.7.39, for Linux (x86_64) using EditLine wrapper


Replies (5)

RE: Email sending error - issue with self signed certs - Added by Boy132 DE 2 months ago

I have the same problem on Redmine 5.0.4 with Ruby 2.7.4:

SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)

Setting the openssl_verify_mode to none did not help. This error did not occur on Redmine 4.x.

RE: Email sending error - issue with self signed certs - Added by Vitkor Zsitva 27 days ago

Hello

Ruby and Redmine were also updated for me.
Redmine 5.0.4 with Ruby 2.7.4.

SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate)

Modify gems module: net-smtp
Line 601 ->

Origin: ssl_context_params[:verify_mode] = @tls_verify ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
Modify: ssl_context_params[:verify_mode] =  OpenSSL::SSL::VERIFY_NONE

systemctl restart httpd

And so I managed to solve it by force, but when I run bundle update, this modification disappears, so I will run into an error again.

RE: Email sending error - issue with self signed certs - Added by Boy132 DE 27 days ago

I solved it by removing all tls-related config settings (in my case enable_starttls_auto) and just setting openssl_verify_mode to 'none'. After that it worked.

RE: Email sending error - issue with self signed certs - Added by Vitkor Zsitva 27 days ago

Sometimes less settings are better? :D
Weird way I tried this idea and it works.
Thanks for the idea, so you don't have to worry about the error when updating.

RE: Email sending error - issue with self signed certs - Added by Nicole Shepherd 12 days ago

Boy132 DE wrote:

I solved it by removing all tls-related config settings (in my case enable_starttls_auto) and just setting openssl_verify_mode to 'none'. After that it worked.

Thanks, I was also facing the same issue. I hoep it works for me too.. By the way i am looking for the Patent Translation Services online and while i am looking for it i found this website https://isaccurate.com/patent-translation-services here i can see top 5 website which helps me to translate and i also can see the reviews of these sites which helps me to find the best website for me.

    (1-5/5)