Symfony is throwing error when I try to send email. Apparently there is ssl certificate verification failure. The project is running on linux nginx server.
The .env file has following configuration.
MAILER_URL=smtp://user:pass#mail.ourserver.de??encryption=ssl&auth_mode=login
Error log
app.ERROR: Could not send mail: Failed sending mail to following
recipients: {{ recipients }} with Error: Connection could not be
established with host "ssl://mail.ourserver.de :465":
stream_socket_client(): SSL operation failed with code 1. OpenSSL
Error messages: error:1416F086:SSL
routines:tls_process_server_certificate:certificate verify failed
Error Code:0
Do I need to get ssl certificate for the domain in this case "mail.ourserver.de" and add cert and key in linux openssl configuration?
A hack to make it work! I have found it in stackoverflow answers, but not sure if it's a good practice and does that make the ssl connection vulnerable to attack?
verify_peer=false parameter
MAILER_URL=smtp://user:pass#mail.ourserver.de??encryption=ssl&auth_mode=login&verify_peer=false
If i disable verify_peer option, it does work, but Is ssl verification taking place when peer verification is set to false or it's being completely disabled?
It's failing to verify your server's certificate. There's a guide for checking and updating certificates here. (it's for PHPMailer but the parts regarding certificates are still relevant)
If you did not add a SSL certificate yourself, but use SSL, you probably have an autogenerated, self signed certificate in place.
Yes, you should assign a domain name to the server and get some valid, trusted SSL certificate for it. You can use the free LetsEncrypt service. The details depend on the mail server software.
I am using PHP's imap_open function to connect to an IMAP email server. This has been working fine for several years, but the email server was recently changed and I have started getting the following error:
"Cannot connect to mail server: Certificate failure for
subdomain.mail.domain.com: Unable to locate common name in
certificate"
The email server's tech support responded:
"The common name for our cert is "*.mail.domain.com". As it is a wildcard certificate, there is no explicit hostname for it. It appears that your scripts are expecting the certificate to return explicitly for "subdomain.mail.domain.com" when our wildcard certificate will not. This is why the error above occurs."
If I disable SSL certificate checking using the /novalidate-cert flag in the imap_open function I'm able to connect, but I'd obviously prefer to keep certificate validation enabled. Is there a way to do this with wildcard certificates and the imap_open function?
I was pulling my inboxes using php-imap/php-imap library and inboxes managed by CPanel. All in sudden script stopped with following error.
Connection error: Certificate failure for imap.domain.com:
Server name does not match certificate:
/OU=Domain Control Validated/OU=PositiveSSL/CN=<amazon.domain.com>
in /.../vendor/php-imap/php-imap/src/PhpImap/Mailbox.php
here is the imap path I am using:
{imap.domain.com:143/imap/tls}INBOX
I also tried {imap.domain.com:143/novalidate-cert/imap/tls}INBOX but all in vain.
What change could have have stopped it?
How to fix it and avoid such failure in future?
IMAP port is 993..143 for POP..Try it..
{imap.domain.com:993/imap/ssl/novalidate-cert}INBOX
I'm building a website, and part of it needs to send emails (one for account password reset links, the other for general user-admin contact). I've been using PearMailer to send emails through a GMail account, and that's worked fine...until now. For some reason, it's stopped sending emails, and it's giving me this very unhelpful error:
[message] => Failed to connect to ssl://smtp.gmail.com:465 [SMTP: Failed to connect socket: fsockopen(): unable to connect to ssl://smtp.gmail.com:465 (Unknown error) (code: -1, response: )
openSSL is enabled, and all the credentials I'm using are correct (I can manually sign in to that GMail account using them).
This is the code I'm using, where $config holds the account credentials, and the $_POST data is from the Contact Us form (ignore the lack of sanitization on it while I'm developing):
require_once "Mail.php";
$params=array(
"host"=>"ssl://smtp.gmail.com",
"port"=>465,
"auth"=>true,
"username"=>$config["mailFrom"],
"password"=>$config["mailPass"]
);
$headers=array(
"To"=>$config["mailFrom"],
"From"=>$_POST['user']." <".$_POST["reply-to"].">",
"Content-type"=>"text/html",
"Subject"=>$_POST['subject']
);
$mail=Mail::factory("smtp", $params);
$sent=$mail->send($config["mailFrom"], $headers, htmlentities($_POST['body']));
It should be sending my GMail account an email from itself, but instead, it's giving me the error I mentioned above. After changing the to and from addresses, no matter what, it still gives me that error. Which is especially strange, since almost identical code is what I've been using to send password reset links, and that was working fine until just now; of course, it too is now failing to connect.
I can't find anything saying Google has changed its settings, and I absolutely haven't gone over the 2,000 messages per day limit that smtp.gmail.com is supposed to allow, so what's going on here?
My solution: switched from PearMailer to SwiftMailer, and in that, I'm setting the SSL options verify_peer and verify_peer_name to false using $transport->setStreamOptions. That seems to send mail just fine now. (Without those options disabled, apparently GMail's SSL certificates aren't compatible with newer versions of PHP. Go figure.)
EDIT:
I'm not really sure if this will work for you, try:
$params=array(
"host"=>"smtp.gmail.com",
"port"=>587,
"auth"=>true,
"username"=>$config["mailFrom"],
"password"=>$config["mailPass"]
);
This will use TLS instead of SSL. Give it a try.
i'm using mandrill and setting up webhooks is failing. i moved my domain to a new server and set up ssl again.
now when i look at the web hooks admin page i see this error:
- Error: POST to https://my.website.com/hooks/mandrill.php failed: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
when i try to change the url for this webhook, all i get is
- We can't verify that the URL exists. More info
when i contacted mandrill support they suggested that it may be missing intermediate CA for my SSL cert. That browsers wouldn't care but the server did care and would fail.
this url helped me figure out that indeed my intermediate CA was not installed
- https://www.sslshopper.com/ssl-checker.html
ends up i didn't have the intermediate CA enabled in /etc/httpd/conf.d/ssl.conf. the lines were commented out. i removed the comments and restarted apache and all is working well now.
i could save the changed webhook and when i clicked send test it sent them. however there still was a stale error on the webhook about the ssl issue. but it was no longer preventing me from editting or sending webhooks
hope this saves someone else some time