An error occurred while sending mail

[tanmoyrsc]

Hi, Redmine failed to send notification email, getting below error, can you please help to resolve this?

An error occurred while sending mail (SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate))

Br, Tanmoy

[marcosguedes]

This seems an issue with SMTP certificates. Have you tried using different SMTP settings?

These might be what you're looking for

SMTP_PORT: SMTP server port. Defaults to 587.
SMTP_STARTTLS: Enable STARTTLS. Defaults to true.
SMTP_TLS: Enable SSL/TLS. Defaults to false.
SMTP_SSL: Enable SSL. Defaults to false.

If there's an issue with the mail server certificate you might have luck sending unencrypted emails via SMTP_PORT=25 and SMTP_STARTTLS=false

[tanmoyrsc]

Hi,

below is my SMTP settings but still getting the error.

- SMTP_ENABLED=true
- SMTP_METHOD=smtp
- SMTP_DOMAIN=xxxxxx.com
- SMTP_HOST=smtp-xxx.xxx.xxx
- SMTP_PORT=25
- SMTP_TLS=false
- SMTP_STARTTLS=false
- SMTP_AUTHENTICATION=:none
- SMTP_OPENSSL_VERIFY_MODE=none

[marcosguedes]

There's nothing wrong I can see from your settings apart from SMTP_AUTHENTICATION which should be set to :login, but wouldn't probably generate this error.

Could you try diferent settings?

- SMTP_PORT=465
- SMTP_TLS=false
- SMTP_STARTTLS=false
- SMTP_SSL=true

or

- SMTP_PORT=587
- SMTP_TLS=false
- SMTP_STARTTLS=true
- SMTP_SSL=false

I can't provide much more help. From the error it seems the issue might be misconfigurations between ports and protocols so you might have to fiddle with the settings above and try different ports and protocols if you haven't already tried.

If the mail server uses self-signed certificates you might also need to add those certificates to SMTP_CA_PATH or SMTP_CA_FILE then set SMTP_CA_ENABLED to true. I haven't tried it so I can't tell how effective it is.

Best of luck

[danone-dev]

I have the same, or a similar issue.

With the official Redmine docker image, I can get Redmine to send mails with this config:

    delivery_method: :smtp
    smtp_settings:
      address: 10.5.87.20
      port: 25
      openssl_verify_mode: none

With this image, I start the container with:

      SMTP_ENABLED: true
      SMTP_HOST: 10.5.87.20
      SMTP_PORT: 25
      SMTP_OPENSSL_VERIFY_MODE: none
      SMTP_STARTTLS: false

Which results in the following section in config/configuration.yml

    delivery_method: :smtp
    smtp_settings:
      enable_starttls_auto: false
      address: '10.5.87.20'
      port: 25
      domain: 'www.gmail.com'
      openssl_verify_mode: 'none'
      tls: false
      ssl: false

This results in the error An error occurred while sending mail (SSL_connect returned=1 errno=0 peeraddr=10.5.87.20:25 state=error: certificate verify failed (unable to get local issuer certificate))

I have edited assets/runtime/config/redmine/configuration.yml, commenting out ssl: {{SMTP_SSL}} and build a new image. After this, sending mails works again.

Is there a way to overwrite the configuration.yml? In the assets/runtime/functions I see USERCONF_TEMPLATES_DIR="${REDMINE_DATA_DIR}/config" which suggest the config file can be specified. I tried this by setting USERCONF_TEMPLATES_DIR: /home/redmine/data/config and putting a custom configuration.yml at my data/config location, but that did not work.

End result, ssl: false causes mails to fail, removing it from the config fixes it.

[marcosguedes]

Is there a way to overwrite the configuration.yml? In the assets/runtime/functions I see USERCONF_TEMPLATES_DIR="${REDMINE_DATA_DIR}/config" which suggest the config file can be specified. I tried this by setting USERCONF_TEMPLATES_DIR: /home/redmine/data/config and putting a custom configuration.yml at my data/config location, but that did not work.

End result, ssl: false causes mails to fail, removing it from the config fixes it.

See this answer about a different question: https://github.com/sameersbn/docker-redmine/issues/538#issuecomment-1917228462

If you want to try modifying it, you can volume mount over it.

    - ./config/nginx/redmine:/etc/docker-redmine/runtime/config/nginx/redmine:ro

And you can reload just nginx

docker-compose exec -T redmine nginx -s reload

In your case you can volume mount over redmine. That should work out although I haven't tested yet.

Let me know if it works as I'm also interested in knowing

[danone-dev]

My bad, I placed the configuration.yml template in the wrong dir. It should be in data/config/redmine and not in data/config So overriding configuration.yml now works, and I can solve the issue, but the fact remains that mails cannot be send with the default configuration.yml template.

[marcosguedes]

email delivery without certificates look like an edge case. configuration changes to support this case could hurts others who use regular SMTP delivery, I think. Do you have any proposal on how the yml should change if smtp settings are routed through mail servers without certificates?

I'm talking a bit out of my rear a bit, apologies if it appears simple to you

[danone-dev]

What I don't understand is why having ssl: false in the config makes the mails fail, and removing that line fixes it.

I'll have a go at modifying the redmine_configure_email_delivery function. If SMTP_SSL is set, leave it in the config, if it is not set, remove the ssl: line from configuration.yml

That should work for everyone.

[jcormier]

Thanks @danone-dev for looking into this.

The action mailer docs seem very vague on what the valid settings of these configs are. Perhaps ssl and tls just have to be present to be enabled and the value is ignored. I can't tell... but if it makes it work then that's proof enough.. https://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration

[danone-dev]

At least the tls setting does not break anything when set to false