env var "WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY=true" does not work for shoutrrr
Hi, I use watchtower in the current docker-compose file:
```yaml
watchtower:
  # https://containrrr.github.io/watchtower/
  image: containrrr/watchtower
  container_name: watchtower
  restart: unless-stopped
  environment:
    - WATCHTOWER_CLEANUP=true
    - WATCHTOWER_POLL_INTERVAL=300
    - WATCHTOWER_MONITOR_ONLY=false
    - WATCHTOWER_SCHEDULE=0 0 4 * * *
    - WATCHTOWER_NOTIFICATIONS_LEVEL=debug
    #
    - WATCHTOWER_NOTIFICATIONS=email
    - WATCHTOWER_NOTIFICATION_EMAIL_FROM=${WATCHTOWER_NOTIFICATION_EMAIL_FROM}
    - WATCHTOWER_NOTIFICATION_EMAIL_TO=${WATCHTOWER_NOTIFICATION_EMAIL_TO}
    - WATCHTOWER_NOTIFICATION_EMAIL_SERVER=${WATCHTOWER_NOTIFICATION_EMAIL_SERVER}
    - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=${WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT}
    - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=${WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER}
    - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD=${WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD}
    # in seconds:
    - WATCHTOWER_NOTIFICATION_EMAIL_DELAY=2
    # to skip cert verify
    - WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY=true
    # HTTP API Metrics
    - WATCHTOWER_HTTP_API_METRICS=true
    - WATCHTOWER_HTTP_API_TOKEN=${WATCHTOWER_HTTP_API_TOKEN}
  networks:
    egress:
    traefik_internal:
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
  mem_limit: 512M
```
But now I always get only the following error message:
time="2021-01-18T22:09:30Z" level=info msg="Valid token found."
Failed to send notification via shoutrrr (url=smtp://:@`anonymizedmyhost`:25/?auth=None&encryption=None&fromaddress=`myanomizedmailaddress`&fromname=Watchtower&starttls=Yes&subject=Watchtower updates on cdb65925767a&toaddresses=`myanomizedmailaddress`&usehtml=No): error enabling StartTLS: x509: certificate is valid for autoconfig.`anonym`, autoconfig.`anonym`, mail.`anonym`, not mail.x47.`anonym`
time="2021-01-18T22:09:35Z" level=info msg="Valid token found."
So how can I avoid using shoutrrr, or how can I get shoutrrr to skip the certificate check?
Easiest way to get it working is by using:
- WATCHTOWER_NOTIFICATIONS=shoutrrr
- WATCHTOWER_NOTIFICATION_URL=smtp://:@`anonymizedmyhost`:25/?auth=None&encryption=None&fromaddress=`myanomizedmailaddress`&fromname=Watchtower&starttls=No&subject=Watchtower updates on cdb65925767a&toaddresses=`myanomizedmailaddress`&usehtml=No
But replace it with the actual URL from your error message; the important part is to change starttls=Yes to starttls=No
Thanks for the idea of this workaround, but it does not solve the original problem, does it?
It should. This will disable explicit TLS.
Yes, but why does an environment variable exist which does not work?
@8ear We're gonna remove the "legacy" env vars in a future version (hopefully soon). This is just to keep some kind of compatibility while people migrate to using shoutrrr. Thanks for understanding!
> Easiest way to get it working is by using:
>
> - WATCHTOWER_NOTIFICATIONS=shoutrrr
> - WATCHTOWER_NOTIFICATION_URL=smtp://:@`anonymizedmyhost`:25/?auth=None&encryption=None&fromaddress=`myanomizedmailaddress`&fromname=Watchtower&starttls=No&subject=Watchtower updates on cdb65925767a&toaddresses=`myanomizedmailaddress`&usehtml=No
>
> But replace it with the actual URL from your error message, the important part is to change starttls=Yes to starttls=No

Disabling StartTLS and skipping TLS verify aren't the same thing, right? With ProtonMail bridge docker I need StartTLS but have to skip certificate verification.
Otherwise I get:
watchtower | time="2023-07-12T21:12:17+02:00" level=error msg="Failed to send shoutrrr notification" error="error enabling StartTLS: x509: certificate is valid for 127.0.0.1, not 10.0.2.100" index=0 notify=no service=smtp
While protonmail bridge docker is a hacky solution, WATCHTOWER_NOTIFICATION_EMAIL_SERVER_TLS_SKIP_VERIFY might have fixed this issue.
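
The difference raised in the last comment, as an added Go example (not watchtower or shoutrrr code): it rebuilds the `x509` name-mismatch error from the log with a constructed self-signed certificate, then verifies against a pinned copy of that certificate instead of skipping verification. `selfSigned` and `checkPinned` are hypothetical helpers, and nothing here implies shoutrrr exposes a pinning option.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned returns a constructed self-signed cert whose only SAN is sanIP.
func selfSigned(sanIP string) *x509.Certificate {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "constructed-smtp-bridge"},
		NotAfter:     time.Now().Add(24 * time.Hour),
		IPAddresses:  []net.IP{net.ParseIP(sanIP)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// checkPinned trusts only the pinned cert; name and chain checks stay on.
func checkPinned(pinned, presented *x509.Certificate, dialName string) error {
	pool := x509.NewCertPool()
	pool.AddCert(pinned)
	_, err := presented.Verify(x509.VerifyOptions{Roots: pool, DNSName: dialName})
	return err
}

func main() {
	bridge, other := selfSigned("127.0.0.1"), selfSigned("127.0.0.1")
	fmt.Println("dialed as 10.0.2.100:", checkPinned(bridge, bridge, "10.0.2.100"))
	fmt.Println("dialed as 127.0.0.1: ", checkPinned(bridge, bridge, "127.0.0.1"))
	fmt.Println("substituted cert:    ", checkPinned(bridge, other, "127.0.0.1"))
}
```

With `starttls=No` the session is sent in plaintext, and with verification skipped the third case would be accepted; pinning keeps StartTLS on and rejects it, but the client still has to dial a name or address listed in the certificate's SAN.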