SMTP Error due to SSL #1136

New issue

Closed

opened 2026-02-20 08:07:45 -05:00 by deekerman · 2 comments

deekerman commented

2026-02-20 08:07:45 -05:00

Owner

Originally created by @dl-lim on GitHub (Oct 14, 2021).

Deployment environment

docker image vaultwarden/server:1.21.0-alpine
Reverse proxy and version: docker image jc21/nginx-proxy-manager:2.9.7

Reverse proxy works and SSL is up-to-date. This feature used to work well under the same conditions.

Steps to reproduce

Didn't have this issue previously on this version, even. But recently, when I did the following, it did not succeed.

I added a new user to the organisation, and Smtp error message showed in red. Logs shown above.

No emails were sent, and no emails were received. User was not able to be confirmed in vaultwarden

Expected behaviour

Email should be sent and received.

Troubleshooting data

[2021-10-14 10:56:29.636][request][INFO] POST /api/organizations/35666776-afda-4a1b-9bf9-8912a6333b55/users/1312eca0-1eb6-4631-b26c-c246a111a8c0/reinvite
[2021-10-14 10:56:30.119][error][ERROR] SmtpError.
[CAUSE] lettre::transport::smtp::Error {
    kind: Connection,
    source: Failure(
        Ssl(
            Error {
                code: ErrorCode(
                    1,
                ),
                cause: Some(
                    Ssl(
                        ErrorStack(
                            [
                                Error {
                                    code: 336134278,
                                    library: "SSL routines",
                                    function: "ssl3_get_server_certificate",
                                    reason: "certificate verify failed",
                                    file: "s3_clnt.c",
                                    line: 1269,
                                },
                            ],
                        ),
                    ),
                ),
            },
            X509VerifyResult {
                code: 10,
                error: "certificate has expired",
            },
        ),
    ),
}
[2021-10-14 10:56:30.119][response][INFO] POST /api/organizations/<org_id>/users/<user_org>/reinvite (reinvite_user) => 400 Bad Request

Originally created by @dl-lim on GitHub (Oct 14, 2021). ### Deployment environment * docker image vaultwarden/server:1.21.0-alpine * Reverse proxy and version: docker image jc21/nginx-proxy-manager:2.9.7 Reverse proxy works and SSL is up-to-date. This feature used to work well under the same conditions. ### Steps to reproduce Didn't have this issue previously on this version, even. But recently, when I did the following, it did not succeed. I added a new user to the organisation, and `Smtp error` message showed in red. Logs shown above. No emails were sent, and no emails were received. User was not able to be confirmed in vaultwarden ### Expected behaviour Email should be sent and received. ### Troubleshooting data ``` [2021-10-14 10:56:29.636][request][INFO] POST /api/organizations/35666776-afda-4a1b-9bf9-8912a6333b55/users/1312eca0-1eb6-4631-b26c-c246a111a8c0/reinvite [2021-10-14 10:56:30.119][error][ERROR] SmtpError. [CAUSE] lettre::transport::smtp::Error { kind: Connection, source: Failure( Ssl( Error { code: ErrorCode( 1, ), cause: Some( Ssl( ErrorStack( [ Error { code: 336134278, library: "SSL routines", function: "ssl3_get_server_certificate", reason: "certificate verify failed", file: "s3_clnt.c", line: 1269, }, ], ), ), ), }, X509VerifyResult { code: 10, error: "certificate has expired", }, ), ), } [2021-10-14 10:56:30.119][response][INFO] POST /api/organizations/<org_id>/users/<user_org>/reinvite (reinvite_user) => 400 Bad Request ```

deekerman closed this issue

2026-02-20 08:07:46 -05:00

deekerman commented

2026-02-20 08:07:46 -05:00

Author

Owner

@BlackDex commented on GitHub (Oct 14, 2021):

The mail server you are using is using an invalid certificate. Looking at the message it is expired.

@BlackDex commented on GitHub (Oct 14, 2021): The mail server you are using is using an invalid certificate. Looking at the message it is expired.

deekerman commented

2026-02-20 08:07:46 -05:00

Author

Owner

@BlackDex commented on GitHub (Oct 14, 2021):

Ah, wait, you are using an older alpine image i see.
It could be that this has something to do with the Lets Encrypt Certificate DST Root which is expired.
This will probably be fixed if you are going to use the testing image instead of the latest.

The testing image is using the latest OpenSSL version which ignores that certificate and looks at the next one.

@BlackDex commented on GitHub (Oct 14, 2021): Ah, wait, you are using an older alpine image i see. It could be that this has something to do with the Lets Encrypt Certificate DST Root which is expired. This will probably be fixed if you are going to use the `testing` image instead of the `latest`. The `testing` image is using the latest OpenSSL version which ignores that certificate and looks at the next one.