Mailing not working - Error "Unable to connect with STARTTLS"

[floschoepfer]

Debug mode

• [X] I have enabled debug mode
• [X] I have read checked the Common Issues page

Describe the bug

Since I updated from v6 to v7 (v7.0.6), I get an Error 500 when using the mailing function. I did not change anything in my .env file and there was nothing changed on our mail server. Shortly before I updated, I used the mailing function, and it worked just fine. But after the update, I get this Error 500 and with debug mode enabled, this is the description:

Unable to connect with STARTTLS: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:0A000086:SSL routines::certificate verify failed

Reproduction steps

1. Update from v6 to v7
2. Use the maling function (I tested it with the manual usage via a user and then click Email List of All Assigned
3. The Error gets displayed

Expected behavior

The mailing should work like in v6. Or was there a significant change of the mailing function?

Screenshots

No response

Snipe-IT Version

v7.0.6 build 14112 (ge1a6b441d)

Operating System

Ubuntu 22.04.4 LTS

Web Server

Apache I think (installed via the Installer from you)

PHP Version

8.1.2-1ubuntu2.18

Operating System

Windows 10 Pro

Browser

Microsoft Edge

Version

120.0.2210.91

Device

No response

Operating System

No response

Browser

No response

Version

No response

Error messages

[13:32:18] LOG.error: Symfony\Component\Mailer\Exception\TransportException: Unable to connect with STARTTLS: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:0A000086:SSL routines::certificate verify failed in /var/www/html/snipeit/vendor/symfony/mailer/Transport/Smtp/Stream/SocketStream.php:171
Stack trace:
#0 [internal function]: Symfony\Component\Mailer\Transport\Smtp\Stream\SocketStream->Symfony\Component\Mailer\Transport\Smtp\Stream\{closure}()
#1 /var/www/html/snipeit/vendor/symfony/mailer/Transport/Smtp/Stream/SocketStream.php(174): stream_socket_enable_crypto()
#2 /var/www/html/snipeit/vendor/symfony/mailer/Transport/Smtp/EsmtpTransport.php(152): Symfony\Component\Mailer\Transport\Smtp\Stream\SocketStream->startTLS()
#3 /var/www/html/snipeit/vendor/symfony/mailer/Transport/Smtp/EsmtpTransport.php(118): Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport->doEhloCommand()
#4 /var/www/html/snipeit/vendor/symfony/mailer/Transport/Smtp/SmtpTransport.php(254): Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport->executeCommand()
#5 /var/www/html/snipeit/vendor/symfony/mailer/Transport/Smtp/SmtpTransport.php(277): Symfony\Component\Mailer\Transport\Smtp\SmtpTransport->doHeloCommand()
#6 /var/www/html/snipeit/vendor/symfony/mailer/Transport/Smtp/SmtpTransport.php(209): Symfony\Component\Mailer\Transport\Smtp\SmtpTransport->start()
#7 /var/www/html/snipeit/vendor/symfony/mailer/Transport/AbstractTransport.php(69): Symfony\Component\Mailer\Transport\Smtp\SmtpTransport->doSend()
#8 /var/www/html/snipeit/vendor/symfony/mailer/Transport/Smtp/SmtpTransport.php(137): Symfony\Component\Mailer\Transport\AbstractTransport->send()
#9 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Mail/Mailer.php(573): Symfony\Component\Mailer\Transport\Smtp\SmtpTransport->send()
#10 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Mail/Mailer.php(335): Illuminate\Mail\Mailer->sendSymfonyMessage()
#11 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Notifications/Channels/MailChannel.php(69): Illuminate\Mail\Mailer->send()
#12 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Notifications/NotificationSender.php(148): Illuminate\Notifications\Channels\MailChannel->send()
#13 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Notifications/NotificationSender.php(106): Illuminate\Notifications\NotificationSender->sendToNotifiable()
#14 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Support/Traits/Localizable.php(29): Illuminate\Notifications\NotificationSender->Illuminate\Notifications\{closure}()
#15 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Notifications/NotificationSender.php(109): Illuminate\Notifications\NotificationSender->withLocale()
#16 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Notifications/NotificationSender.php(79): Illuminate\Notifications\NotificationSender->sendNow()
#17 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Notifications/ChannelManager.php(39): Illuminate\Notifications\NotificationSender->send()
#18 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Notifications/RoutesNotifications.php(18): Illuminate\Notifications\ChannelManager->send()
#19 /var/www/html/snipeit/app/Http/Controllers/Users/UsersController.php(649): App\Models\User->notify()
#20 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): App\Http\Controllers\Users\UsersController->emailAssetList()
#21 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(43): Illuminate\Routing\Controller->callAction()
#22 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Routing/Route.php(260): Illuminate\Routing\ControllerDispatcher->dispatch()
#23 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\Routing\Route->runController()
#24 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Routing/Router.php(806): Illuminate\Routing\Route->run()
#25 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(144): Illuminate\Routing\Router->Illuminate\Routing\{closure}()
#26 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Session/Middleware/AuthenticateSession.php(60): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#27 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Session\Middleware\AuthenticateSession->handle()
#28 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Auth/Middleware/Authenticate.php(57): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#29 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Auth\Middleware\Authenticate->handle()
#30 /var/www/html/snipeit/app/Http/Middleware/AssetCountForSidebar.php(119): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#31 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\Http\Middleware\AssetCountForSidebar->handle()
#32 /var/www/html/snipeit/vendor/laravel/passport/src/Http/Middleware/CreateFreshApiToken.php(63): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#33 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Laravel\Passport\Http\Middleware\CreateFreshApiToken->handle()
#34 /var/www/html/snipeit/app/Http/Middleware/CheckForTwoFactor.php(59): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#35 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\Http\Middleware\CheckForTwoFactor->handle()
#36 /var/www/html/snipeit/app/Http/Middleware/CheckUserIsActivated.php(47): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#37 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\Http\Middleware\CheckUserIsActivated->handle()
#38 /var/www/html/snipeit/app/Http/Middleware/CheckLocale.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#39 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\Http\Middleware\CheckLocale->handle()
#40 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#41 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle()
#42 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#43 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle()
#44 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#45 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Cookie\Middleware\EncryptCookies->handle()
#46 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#47 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Routing/Router.php(807): Illuminate\Pipeline\Pipeline->then()
#48 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Routing/Router.php(784): Illuminate\Routing\Router->runRouteWithinStack()
#49 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Routing/Router.php(748): Illuminate\Routing\Router->runRoute()
#50 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Routing/Router.php(737): Illuminate\Routing\Router->dispatchToRoute()
#51 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(200): Illuminate\Routing\Router->dispatch()
#52 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(144): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}()
#53 /var/www/html/snipeit/vendor/livewire/livewire/src/DisableBrowserCache.php(19): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#54 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Livewire\DisableBrowserCache->handle()
#55 /var/www/html/snipeit/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php(66): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#56 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Barryvdh\Debugbar\Middleware\InjectDebugbar->handle()
#57 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Http/Middleware/HandleCors.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#58 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Http\Middleware\HandleCors->handle()
#59 /var/www/html/snipeit/app/Http/Middleware/PreventBackHistory.php(23): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#60 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\Http\Middleware\PreventBackHistory->handle()
#61 /var/www/html/snipeit/app/Http/Middleware/SecurityHeaders.php(26): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#62 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\Http\Middleware\SecurityHeaders->handle()
#63 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#64 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php(31): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#65 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull->handle()
#66 /var/www/html/snipeit/app/Http/Middleware/CheckForDebug.php(25): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#67 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\Http\Middleware\CheckForDebug->handle()
#68 /var/www/html/snipeit/app/Http/Middleware/CheckForSetup.php(25): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#69 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\Http\Middleware\CheckForSetup->handle()
#70 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#71 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\View\Middleware\ShareErrorsFromSession->handle()
#72 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#73 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\Session\Middleware\StartSession->handleStatefulRequest()
#74 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Session\Middleware\StartSession->handle()
#75 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(99): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#76 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle()
#77 /var/www/html/snipeit/app/Http/Middleware/NoSessionStore.php(28): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#78 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(183): App\Http\Middleware\NoSessionStore->handle()
#79 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(119): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}()
#80 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(175): Illuminate\Pipeline\Pipeline->then()
#81 /var/www/html/snipeit/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(144): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#82 /var/www/html/snipeit/public/index.php(52): Illuminate\Foundation\Http\Kernel->handle()
#83 {main}

[13:32:18] LOG.error: Unable to connect with STARTTLS: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:0A000086:SSL routines::certificate verify failed {
    "userId": 305,
    "exception": {}
}

Additional context

After Upgrade from v6 to v7

[LRA-Fr3d]

I can confirm this problem! After upgrade from v6 to v7 mails are not sent anymore. The logs look similiar to the ones above. Interesting is, that we don't use encryption at all (MAIL_ENCRYPTION=null in .env) but still get an error saying certificate verify failed.

[floschoepfer]

Thank you for your report @LRA-Fr3d We don't use encryption as well and set the variable like you at null in the .env file. On v6 this worked like it should with this. @snipe are you aware of this issue?

[snipe]

This is a duplicate of #14909 no?

[floschoepfer]

This is a duplicate of #14909 no?

I just tested this (I had to read through this case until I found the setting I needed) and it worked now, thank you for the hint!

@LRA-Fr3d you have to add MAIL_TLS_VERIFY_PEER=false to your .env file, and you can delete the line with MAIL_ENCRYPTION=null, since this does not do anything now.

https://github.com/snipe/snipe-it/issues/14909#issuecomment-2181198519:

Symfony tries to be "smart" and "secure" at the same time, and takes a lot of control away... for instance MAIL_ENCRYTION=null no longer does anything.. it just decides to use encryption if the server advertises it, which can be a problem if the certificate say one thing and you access it as a different name.... like with an IP address. I'm guessing that's what happening here.

For your old configuration, you may need to add MAIL_TLS_VERIFY_PEER=false

@snipe Maybe it would make sense to change this in the documentation, so other people will find this by themselves? https://snipe-it.readme.io/docs/configuration#required-outgoing-mail-settings

[snipe]

Docs updated - thanks for the reminder!

[sarhaynes]

I ran into this problem and was reading the documentation. Having the MAIL_TLS_VERIFY_PEER=false statement sort of as a footnote to the table in the docs makes it a little hard to find. I would recommend that it be added to the table with a description even though it is not technically "required".

[Akhun-Delar]

I would like to add that the acceptance of the item is not properly logged when the mail function fails. The signature file as well as EULA PDF is definitely there, but it's not shown; neither in the Dashboard history nor in the Asset history. @snipe