kresus_ynh icon indicating copy to clipboard operation
kresus_ynh copied to clipboard
Published 6 months ago verified publisher icon YunoHost-Apps

Alerts mail do not work

Open Aeris1One opened this issue 2 years ago • 4 comments

Describe the bug

Alerts mail do not work due to 127.0.0.1 not having a trusted security certificate.

Context

  • Hardware: Hetzner CAX11
  • YunoHost version: 11.2.5
  • I have access to my server: Through SSH | through the webadmin
  • Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
    • If yes, please explain:
  • Using, or trying to install package version/branch: master (0.20.0~ynh1)
  • If upgrading, current package version: n/a

Steps to reproduce

  • Install Kresus
  • Go to "Alerts"
  • Enter your mail address
  • Click "send test mail"

Expected behavior

A test mail is sent

Logs

[2023-11-23T08:56:03.018] [INFO] emailer - About to send email. Metadata: [email protected] *******@****.*** [Kresus] Email de test
[2023-11-23T08:56:03.112] [ERROR] emailer - Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 127.0.0.1 is not in the cert's list: 
    at new NodeError (node:internal/errors:406:5)
    at Object.checkServerIdentity (node:tls:337:12)
    at TLSSocket.onConnectSecure (node:_tls_wrap:1669:27)
    at TLSSocket.emit (node:events:514:28)
    at TLSSocket._finishInit (node:_tls_wrap:1070:8)
    at ssl.onhandshakedone (node:_tls_wrap:856:12)
[2023-11-23T08:56:03.112] [ERROR] helpers - when trying to send an email: Hostname/IP does not match certificate's altnames: IP: 127.0.0.1 is not in the cert's list: 
[2023-11-23T08:56:03.112] [INFO] helpers - Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: IP: 127.0.0.1 is not in the cert's list: 
    at new NodeError (node:internal/errors:406:5)
    at Object.checkServerIdentity (node:tls:337:12)
    at TLSSocket.onConnectSecure (node:_tls_wrap:1669:27)
    at TLSSocket.emit (node:events:514:28)
    at TLSSocket._finishInit (node:_tls_wrap:1070:8)
    at ssl.onhandshakedone (node:_tls_wrap:856:12)
[2023-11-23T08:56:03.114] [ERROR] HTTP - POST /api/instance/test-email - 500 (97 ms)

Aeris1One avatar Nov 23 '23 09:11 Aeris1One

Thanks for opening an issue; can you try to disable the TLS check in the config.ini?

bnjbvr avatar Nov 23 '23 11:11 bnjbvr

By default, force_tls is set to false and reject_unauthorized (which allows self-signed certificate) is set to true. Changing reject_unauthorized to false does nothing.

I remember seeing a similar error in Matrix Yunohost Support room recently, may be related.

Aeris1One avatar Nov 23 '23 12:11 Aeris1One

using the following config I was able to send test e-mails no problem:

force_tls=false
reject_unauthorized_tls=false

Did you remember to sudo systemctl restart kresus after altering the config?

orhtej2 avatar Nov 23 '23 13:11 orhtej2

Fix available for testing in #177

orhtej2 avatar Nov 23 '23 13:11 orhtej2