baptisteArno
commented
8 months ago Make sure your VPS has the SMTP port opened
Open NunoHiggs opened 8 months ago
baptisteArno
commented
8 months ago Make sure your VPS has the SMTP port opened
NunoHiggs
commented
8 months ago Make sure your VPS has the SMTP port opened
This is an internal VPS that has smtp, its running and receiving (and sending emails). This is visible from the tcpdump log that i pasted above:
18:51:24.761004 IP 172.16.0.66.59242 > mail.net.xpto.smtp: length 18: SMTP: EHLO [127.0.0.1] 18:51:24.762519 IP mail.net.xpto.smtp > 172.16.0.66.59242: length 132: SMTP: 250-mail 18:51:24.763171 IP 172.16.0.66.59242 > mail.net.xpto.smtp: length 10: SMTP: STARTTLS 18:51:24.763279 IP mail.net.xpto.smtp > 172.16.0.66.59242: length 30: SMTP: 220 2.0.0 Ready to start TLS
baptisteArno
commented
8 months ago Can you pull the next docker tag? It should have an improved error message. (595bffc38d65b5f5ef0ec07bec00e9eebb7657f8)
Let us know what it says then :)
NunoHiggs
commented
8 months ago Hi,
Thanks for this version. It helps a lot diagnosing the problem. It appears to be complaining about the email host certificate does not posses the configured-in-.env email host altnames. Is there a way to say to ignore this? Also, my config states that it should not be using SSL/TLS on smtp and it still is:
# grep SMTP_SECURE .env
SMTP_SECURE=falseI tested with and without SMTP_SECURE=false and it always defaults to TLS upon connection. Logs:
# docker logs typebot01-typebot-builder-1
- event [next-runtime-env] read environment variables prefixed with 'NEXT_PUBLIC_' from process.env.
- ready [next-runtime-env] wrote browser runtime environment variables to '/app/apps/builder/public/__ENV.js'.
Waiting for 15s for database to be ready...
Prisma schema loaded from packages/prisma/postgresql/schema.prisma
Datasource "db": PostgreSQL database "typebot", schema "public" at "typebot-db:5432"
64 migrations found in prisma/migrations
No pending migrations to apply.
â–² Next.js 14.1.0
- Local: http://localhost:3000
- Network: http://0.0.0.0:3000
✓ Ready in 2.8s
Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: mail.net.xpto. is not in the cert's altnames: DNS:mail.xxxxxx.com
at new NodeError (node:internal/errors:405:5)
at Object.checkServerIdentity (node:tls:337:12)
at TLSSocket.onConnectSecure (node:_tls_wrap:1669:27)
at TLSSocket.emit (node:events:517:28)
at TLSSocket.emit (node:domain:489:12)
at TLSSocket._finishInit (node:_tls_wrap:1070:8)
at ssl.onhandshakedone (node:_tls_wrap:856:12) {
reason: "Host: mail.net.xpto. is not in the cert's altnames: DNS:mail.xxxxxx.com",
host: 'mail.net.xpto',
cert: {
subject: [Object: null prototype] { CN: 'mail.xxxxxx.com' },
issuer: [Object: null prototype] { C: 'US', O: "Let's Encrypt", CN: 'R3' },
subjectaltname: 'DNS:mail.xxxxxx.com',
infoAccess: [Object: null prototype] {
'OCSP - URI': [Array],
'CA Issuers - URI': [Array]
},
ca: false,
modulus: '8AC16A1486A8511390F5EBA4D1DEFB0CC8313ADA1928D47F88A6F816F70D4D6DC9AAADDC7144D08A4BC5078872E0482AE54F4111DF8F4E6F86CF83CF7867E45ADC92A07A36D59C2829242F2B9B4698797CCBD602A98CD9EB50908B5294B62300FA664931206D4F214DDA4B331D94A7C8246FC6F59551B9D11124ABF01A8FD7B5FB8D813C205C12A3912EA5954CB6A4B13F9D14FDC5D958553E0BDF618C2F58D22131427B5AB845A4AE0985E65B17A8433A6F215F3EDF354F8347DB558A2D076CD8D6EDDB9EEE41D836F73C390488B1B877C81F868F1AACD754BC28394D118528B994CC980E0B208D56427A07E8C01740BC34D51D1C65685F453647F1E427025D',
bits: 2048,
exponent: '0x10001',
pubkey: <Buffer 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 8a c1 6a 14 86 a8 51 13 90 f5 eb a4 d1 de fb 0c c8 ... 244 more bytes>,
valid_from: 'Feb 25 04:07:21 2024 GMT',
valid_to: 'May 25 04:07:20 2024 GMT',
fingerprint: 'E0:0C:7D:81:4F:6B:67:13:E0:80:AA:DE:B0:78:30:FB:5E:8C:41:4F',
fingerprint256: '1C:4D:2E:84:1A:B2:97:12:83:D8:96:69:66:BC:75:51:7D:15:01:92:38:48:9A:E6:41:80:89:01:93:F0:A1:0B',
fingerprint512: 'BB:6C:47:9E:03:38:12:FD:8C:FF:26:A8:B8:12:0D:42:F5:A7:09:DB:EF:71:6F:B7:F6:0B:2A:09:46:0D:58:40:F4:7D:E5:D4:BD:6F:6E:21:47:2D:C8:D9:79:9F:7B:0A:90:13:85:FB:98:FA:FF:5D:92:6A:55:61:F0:A3:15:AF',
ext_key_usage: [ '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2' ],
serialNumber: '04FE54A6EAE91B17C06F7659B79E635A7535',
raw: <Buffer 30 82 04 f3 30 82 03 db a0 03 02 01 02 02 12 04 fe 54 a6 ea e9 1b 17 c0 6f 76 59 b7 9e 63 5a 75 35 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 32 ... 1221 more bytes>,
issuerCertificate: {
subject: [Object: null prototype],
issuer: [Object: null prototype],
infoAccess: [Object: null prototype],
ca: true,
modulus: 'BB021528CCF6A094D30F12EC8D5592C3F882F199A67A4288A75D26AAB52BB9C54CB1AF8E6BF975C8A3D70F4794145535578C9EA8A23919F5823C42A94E6EF53BC32EDB8DC0B05CF35938E7EDCF69F05A0B1BBEC094242587FA3771B313E71CACE19BEFDBE43B45524596A9C153CE34C852EEB5AEED8FDE6070E2A554ABB66D0E97A540346B2BD3BC66EB66347CFA6B8B8F572999F830175DBA726FFB81C5ADD286583D17C7E709BBF12BF786DCC1DA715DD446E3CCAD25C188BC60677566B3F118F7A25CE653FF3A88B647A5FF1318EA9809773F9D53F9CF01E5F5A6701714AF63A4FF99B3939DDC53A706FE48851DA169AE2575BB13CC5203F5ED51A18BDB15',
bits: 2048,
exponent: '0x10001',
pubkey: <Buffer 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 02 15 28 cc f6 a0 94 d3 0f 12 ec 8d 55 92 c3 f8 ... 244 more bytes>,
valid_from: 'Sep 4 00:00:00 2020 GMT',
valid_to: 'Sep 15 16:00:00 2025 GMT',
fingerprint: 'A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05',
fingerprint256: '67:AD:D1:16:6B:02:0A:E6:1B:8F:5F:C9:68:13:C0:4C:2A:A5:89:96:07:96:86:55:72:A3:C7:E7:37:61:3D:FD',
fingerprint512: '96:C5:79:3B:2B:57:D8:DF:58:91:C9:40:15:72:09:60:E0:DA:4C:2C:F8:CE:1F:C5:70:7A:0B:46:E5:DB:8C:E3:76:1F:B5:FD:B4:30:F6:19:D1:57:9F:13:E8:0F:BD:D9:73:EF:6A:02:41:29:ED:03:9A:A1:93:27:31:58:FC:AD',
ext_key_usage: [Array],
serialNumber: '912B084ACF0C18A753F6D62E25A75F5A',
raw: <Buffer 30 82 05 16 30 82 02 fe a0 03 02 01 02 02 11 00 91 2b 08 4a cf 0c 18 a7 53 f6 d6 2e 25 a7 5f 5a 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 ... 1256 more bytes>,
issuerCertificate: [Object]
}
},
code: 'ESOCKET',
command: 'CONN'
}
[next-auth][error][SIGNIN_EMAIL_ERROR]
https://next-auth.js.org/errors#signin_email_error Magic link email could not be sent. See error above. {
error: {
message: 'Magic link email could not be sent. See error above.',
stack: 'Error: Magic link email could not be sent. See error above.\n' +
' at Object.s [as sendVerificationRequest] (/app/apps/builder/.next/server/chunks/524.js:1:4003)\n' +
' at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n' +
' at async Promise.all (index 0)\n' +
' at async email (/app/node_modules/.pnpm/next-auth@4.22.1_next@14.1.0_nodemailer@6.9.3_react-dom@18.2.0_react@18.2.0/node_modules/next-auth/core/lib/email/signin.js:31:3)\n' +
' at async Object.signin (/app/node_modules/.pnpm/next-auth@4.22.1_next@14.1.0_nodemailer@6.9.3_react-dom@18.2.0_react@18.2.0/node_modules/next-auth/core/routes/signin.js:115:24)\n' +
' at async AuthHandler (/app/node_modules/.pnpm/next-auth@4.22.1_next@14.1.0_nodemailer@6.9.3_react-dom@18.2.0_react@18.2.0/node_modules/next-auth/core/index.js:260:26)\n' +
' at async NextAuthApiHandler (/app/node_modules/.pnpm/next-auth@4.22.1_next@14.1.0_nodemailer@6.9.3_react-dom@18.2.0_react@18.2.0/node_modules/next-auth/next/index.js:22:19)\n' +
' at async w (/app/apps/builder/.next/server/chunks/524.js:1:7929)\n' +
' at async K (/app/node_modules/.pnpm/next@14.1.0_@babel+core@7.22.9_react-dom@18.2.0_react@18.2.0/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:16545)\n' +
' at async U.render (/app/node_modules/.pnpm/next@14.1.0_@babel+core@7.22.9_react-dom@18.2.0_react@18.2.0/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:16981)',
name: 'Error'
},
providerId: 'email',
message: 'Magic link email could not be sent. See error above.'
}It means your SMTP server has STARTTLS enabled. See secure attribute here: (https://nodemailer.com/smtp/)
I guess I can add a variable named STMP_IGNORE_TLS. To make sure it never tries to use TLS
nesherofek
commented
3 months ago +1, would like to have this config as well
Messhias
commented
3 months ago Any updates on this?
paulo-hortelan
commented
2 weeks ago +1, this config would be of great utility
Hi,
Latest version docker container installed. When i try to send the authentication link email i am getting this error:
No pending migrations to apply. â–² Next.js 14.1.0
My configuration is as follows:
internal smtp relay, internal smtp/email destination, internal smtp auth user, internal resolvable private domain.
cat .env
Is it possible to understand how to debug this further? I had a tcpdump running on the docker host, and i see it connecting to smtp over TLS, but it sits there and stops, so it did authenticate properly against the smtp server. I also tried with SMTP_SECURE=true and the results are the same.