Failed to send email. Reason: self signed certificate

Developer help
1

  • What’s your URL?
    Only internally accessible

  • What version of Ghost are you using?
    Ghost-CLI version: 1.24.0
    Ghost version: 5.34.1 (at /var/www/ghost)

  • How was Ghost installed and configured?
    Ghost was installed and configured manually according to the documentation.

  • What Node version, database, OS & browser are you using?
    Node: v14.21.2
    Database: mysql Ver 8.0.32 for Linux on x86_64 (MySQL Community Server - GPL)
    OS: Ubuntu 18.04.6 LTS (GNU/Linux 4.15.0-188-generic x86_64) /w latest updates
    Browser: Mozilla Firefox 110.0, but happens with every browser

  • What errors or information do you see in the console?

user@server:/var/www/ghost$ ghost log

Love open source? We’re hiring JavaScript Engineers to work on Ghost full-time.
https://careers.ghost.org


+ sudo systemctl is-active ghost
? Sudo Password [hidden]
[2023-02-17 10:21:54] INFO "GET /content/images/size/w1000/2023/02/AdobeStock_357298661.jpeg" 200 10ms
[2023-02-17 10:21:55] INFO "GET /assets/ghostHunter/dist/jquery.ghosthunter.js/" 301 7ms
[2023-02-17 10:21:55] INFO "GET /content/images/size/w1000/2023/02/Blogartikel_Titelbild--1-.jpg" 200 10ms
[2023-02-17 10:21:55] INFO "GET /content/images/size/w1000/2023/02/AdobeStock_530740656.jpeg" 200 11ms
[2023-02-17 10:21:55] INFO "GET /content/images/size/w1000/2023/02/Bild1.jpg" 200 12ms
[2023-02-17 10:21:55] INFO "GET /content/images/size/w1000/2023/02/AdobeStock_487152003.jpeg" 200 15ms
[2023-02-17 10:21:55] INFO "GET /content/images/size/w1000/2023/01/Titelbild.png" 200 17ms
[2023-02-17 10:21:55] INFO "GET /content/images/size/w1000/2023/02/Confluence.jpg" 200 6ms
[2023-02-17 10:21:55] INFO "GET /content/images/size/w1000/2023/02/What-s-new_Personalmitteilungen-1.png" 200 17ms
[2023-02-17 10:21:55] INFO "GET /content/images/size/w1000/2023/02/What-s-new_Personalmitteilungen.png" 200 18ms
[2023-02-17 10:21:55] INFO "GET /assets/ghosthunter/dist/jquery.ghosthunter.js/" 404 56ms
[2023-02-17 10:21:55] INFO "GET /members/api/member/" 204 1ms
[2023-02-17 10:21:55] INFO "GET /ghost/api/content/settings/?key=a04ca70b0979a64c64fd2fdd3a&limit=all" 200 23ms
[2023-02-17 10:21:55] INFO "GET /ghost/api/content/newsletters/?key=a04ca70b0979a64c64fd2fdd3a&limit=all" 200 27ms
[2023-02-17 10:21:55] INFO "GET /ghost/api/content/tiers/?key=a04ca70b0979a64c64fd2fdd3a&limit=all&include=monthly_price,yearly_price,benefits" 200 34ms
[2023-02-17 10:21:56] INFO "GET /content/images/size/w256h256/2019/07/Icon_schwarz-1.png" 200 2ms
[2023-02-17 10:22:31] INFO "GET /" 200 148ms
[2023-02-17 10:23:31] INFO "GET /" 200 137ms
[2023-02-17 10:24:31] INFO "GET /" 200 127ms
[2023-02-17 10:25:31] INFO "GET /" 200 200ms

If you need any other logs, please let me know.

  • What steps could someone else take to reproduce the issue you’re having?
    I’m not sure how to reproduce the issue.

  • Mail config from config.production.json?

  "mail": {
    "transport": "SMTP",
    "options": {
      "host": "internal.mailserver.com",
      "port": 25
    }
  },

I’m getting the error “Failed to send email. Reason: self signed certificate. Please check your email settings and resend the invitation.” when I try to send invite mails to staff users.

We’re not using a self signed cert, we’re using a wildcard cert from DigiCert on our Ghost instance as well as our mail server.

The receiving connector on our exchange is configured correctly and other devices are able to send mails just fine without any user informations.

Thanks in advance for any help!

2

You need a FQDN for a mail server, but that’s unnecessary in most circumstances.

If you are only hosting Ghost and this is the only service sending messages via SMTP, use a relay such as Mailgun or another free email service with SMTP.

Then configure Ghost to use this. You also need to check that port 587 is open; 25 is almost certainly closed by the host.

3

Hi mjw, thanks for your reply.

I’m already using the internal FQDN, switchting to the IP does result in the same error message.

Port 25 is open for selected internal IPs and other devices have no trouble sending mails, for example Samsung Flip are sending mails fine over port 25.

4

Ghost is rejecting the self-signed certificate. Therefore, if you have a working MTA on the server, use the direct method in your Ghost configuration.

5

Sorry, but I don’t understand the error since it’s not a self-signed certificate. We’re using a wildcard certificate issued by DigiCert.

When using the direct method, I’m getting the following error:

Request was rejected due to server error

Since I don’t see anything in the firewall log, I assume the error is on the Ghost blog VM itself.

6

Ghost is receiving an error from the mail server, so check those logs. Also, have you tried a TLS connection?