SMTP issue: "Hostname/IP does not match certificate's altnames"

alex_st · June 24, 2023, 9:36am

Hello,

Following the guide you have for my hosting, I installed n8n on Docker and am trying to configure its SMTP to work properly.

I’ve set SMTP SSL to off and use port 587, because Hetzner is blocking by default port 465 and can’t unblock it for me right now, because I signed up recently.

I’ve added to my .env the following (data sanitized):

SMTP_HOST="SMTP host domain"
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER="Email"
SMTP_PASSWORD="password"
SMTP_SENDER="Email"

Then I added to docker-compose.yml under environment: the following:

 - N8N_EMAIL_MODE=smtp
 - N8N_SMTP_HOST=${SMTP_HOST}
 - N8N_SMTP_PORT=${SMTP_PORT}
 - N8N_SMTP_USER=${SMTP_USER}
 - N8N_SMTP_PASS=${SMTP_PASSWORD}
 - N8N_SMTP_SENDER=${SMTP_SENDER}
 - N8N_SMTP_SSL=${SMTP_SECURE}

With this configuration, when I try to invite a team member via email, I receive the following error:

Couldn't send invite email Could not invite Hostname/IP does not match certificate's altnames: Host: {Host name I've entered in .env}. is not in the cert's altnames: DNS:*{.an old nameserver of my email's hosting}, DNS:{an old nameserver of my email's hosting}

The domain and the SMTP host I’m using have no issues with SSL. When I run SSL Labs test on the SMTP host, I receive overall rating A:

Certificate: 100%
Protocol Support: 100%
Key Exchange: 90%
Cipher Strength: 90%

The SMTP host is listed as an “Alternative names” in the SSL Labs test’s results.

n8n and the email are hosted on different servers.

Do you have any idea what could be causing the issue and how can I fix it?

Thank you!

Describe the problem/error/question

What is the error message (if any)?

Please share your workflow

(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)

Share the output returned by the last node

Information on your n8n setup

n8n version:
Database (default: SQLite):
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app):
Operating system:

Jon · June 26, 2023, 7:27am

Hey @alex_st,

Welcome to the community

The error looks to suggest the SSL Cert for the mail service is not correct, My first thought is maybe when you did the check on SSL Labs you were checking HTTPS not SMTP. It could be worth double checking the mail service again to make sure it is using the correct cert.

alex_st · June 26, 2023, 10:27am

Hey, @Jon,

Thank you very much!

It seems there is indeed an issue with the certificate.

I think this error could be easily avoided if there is a way to skip server certificate verification.

Do you know if this can be somehow configured?

MAIL_VERIFY_SSL=false or something like that?

I can’t see such option in the Configuration environment variables.

Jon · June 26, 2023, 10:35am

Hey @alex_st,

There is no option to ignore ssl issues for the user management feature at the moment. You can however use the feature without smtp to invite your users and the invite url can be copied from the UI and emailed manually if it helps.

alex_st · June 26, 2023, 10:38am

I see.

Maybe I would try with another email address, because I would like to have at least the password reset feature available.

Hopefully an option to ignore ssl issues will be available in future releases.

Thank you for your replies, Jon!

Jon · June 26, 2023, 2:00pm

Hey @alex_st,

It shouldn’t be that tricky to add, I might have a quick look later this week as I have not touched that part of n8n yet so would be interesting to dig into.

alex_st · August 5, 2023, 6:14pm

Hey, @Jon,

Thank you very much for working on this!

I noticed that you and your colleagues pushed the following bug fix with the latest update of n8n - version 1.1.1:

core: Allow ignoring SSL issues on generic oauth2 credentials

I see the switch for ignoring SSL issues for email triggers, nodes and IMAP credentials.

However, I’m not really sure if that could be activated for the email, associated with the n8n installation, from which team member invitations and password resets should be sent. I’ve set up the email in my config file.

If that’s possible, please let me know if you have any idea how exactly should that be formatted.

I am using the following schema for my config file, which was last updated two months ago:

github.com

n8n-io/n8n/blob/[email protected]/packages/cli/src/config/schema.ts#L1


      
          /* eslint-disable no-restricted-syntax */
          /* eslint-disable @typescript-eslint/no-unsafe-assignment */
          import path from 'path';
          import convict from 'convict';
          import { UserSettings } from 'n8n-core';
          import { jsonParse } from 'n8n-workflow';
          import { IS_V1_RELEASE } from '@/constants';
          
          
convict.addFormat({
          	name: 'nodes-list',
          	// @ts-ignore

Thank you!

Jon · August 7, 2023, 7:15am

Hey @alex_st,

That fix is for oauth rather than SMTP for the user management feature, We have not yet added an option for the actual user management feature yet.

alex_st · August 7, 2023, 6:04pm

Thanks, @Jon!

I am looking forward to exploring the new user management feature once it will be available!

Cheers!

system · November 5, 2023, 6:04pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.