YunoHost-Apps / huginn_ynh

Unable to send mail "SSL_connect returned=1 ... certificate verify failed (Hostname mismatch)" #22

Open cheywood opened 1 month ago

cheywood commented 1 month ago

Describe the bug

Huginn is no longer able to send mail. It seems to relate to this upstream issue; however, I'm creating this here in case it's been triggered by a configuration change. This mail agent was working in the past; it's stopped sometime in the last few months.

There are a number of domains configured on this YunoHost instance.

Below is the top section of the log from the Huginn UI. I can provide more (but the upstream issue is likely more useful?)

SSL_connect returned=1 errno=0 peeraddr=[::1]:25 state=error: certificate verify failed (Hostname mismatch)
/var/www/huginn/vendor/bundle/ruby/3.2.0/gems/net-protocol-0.2.2/lib/net/protocol.rb:46:in `connect_nonblock'
/var/www/huginn/vendor/bundle/ruby/3.2.0/gems/net-protocol-0.2.2/lib/net/protocol.rb:46:in `ssl_socket_connect'
/var/www/huginn/vendor/bundle/ruby/3.2.0/gems/net-smtp-0.5.0/lib/net/smtp.rb:707:in `tlsconnect'
/var/www/huginn/vendor/bundle/ruby/3.2.0/gems/net-smtp-0.5.0/lib/net/smtp.rb:683:in `do_start'
/var/www/huginn/vendor/bundle/ruby/3.2.0/gems/net-smtp-0.5.0/lib/net/smtp.rb:642:in `start'
/var/www/huginn/vendor/bundle/ruby/3.2.0/gems/mail-2.8.1/lib/mail/network/delivery_methods/smtp.rb:109:in `start_smtp_session'
/var/www/huginn/vendor/bundle/ruby/3.2.0/gems/mail-2.8.1/lib/mail/network/delivery_methods/smtp.rb:100:in `deliver!'
/var/www/huginn/vendor/bundle/ruby/3.2.0/gems/mail-2.8.1/lib/mail/message.rb:2145:in `do_delivery'

Context

Steps to reproduce

Expected behavior

The alert mails to send

Logs

There's a snippet above, and as stated there let me know if more is useful

cheywood commented 6 days ago

I had a brief prod at working around this for now. It seems, at least on this instance, having the SMTP server set to localhost no longer works. Some change in Huginn, Ruby or the mail server means that the server now needs to be configured in Huginn to match the name on the certificate.

In case this may help others (or future self), that can be done by changing SMTP_SERVER in /var/www/huginn/.env, e.g. something like

yunohost service stop huginn-web
yunohost service stop huginn-jobs
vim /var/www/huginn/.env
yunohost service start huginn-jobs
yunohost service start huginn-web

(I'm in no way suggesting this is the right or best way, it's just what quickly worked here)

Also, this can be used to get the server name from the certificate in the case of multiple domains on one instance and not being sure which is on the cert: openssl s_client -starttls smtp -crlf -connect localhost:587

Leaving the issue open as this is obviously a temporary workaround.
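
Added example, not part of the original comments or of the Huginn/YunoHost code: a Ruby check of which candidate SMTP_SERVER values pass the same hostname verification that fails in the trace above. The certificate is a constructed self-signed sample and `example.tld` / `mail.example.tld` are placeholder names; against a real server, pass the PEM printed by the `openssl s_client` command to `OpenSSL::X509::Certificate.new` instead of calling `sample_cert`.

```ruby
require "openssl"

# Constructed sample: a throwaway self-signed certificate carrying the given
# DNS subjectAltNames, standing in for the one the local SMTP server presents.
def sample_cert(common_name, san_names)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3, required for extensions
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  san = san_names.map { |n| "DNS:#{n}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# DNS names listed in the certificate's subjectAltName extension.
def dns_names(cert)
  ext = cert.extensions.find { |e| e.oid == "subjectAltName" }
  return [] unless ext
  ext.value.split(/,\s*/).filter_map do |entry|
    entry.delete_prefix("DNS:") if entry.start_with?("DNS:")
  end
end

# Candidates that would pass TLS hostname verification for this certificate,
# i.e. values that are safe to put in SMTP_SERVER without disabling checks.
def usable_smtp_hosts(cert, candidates)
  candidates.select { |host| OpenSSL::SSL.verify_certificate_identity(cert, host) }
end

if __FILE__ == $PROGRAM_NAME
  cert = sample_cert("example.tld", ["example.tld", "mail.example.tld"])
  puts "Names on certificate: #{dns_names(cert).join(', ')}"
  %w[localhost example.tld mail.example.tld].each do |host|
    ok = OpenSSL::SSL.verify_certificate_identity(cert, host)
    puts format("%-18s %s", host, ok ? "matches" : "Hostname mismatch")
  end
end
```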