Ghost introduced device verification and 2FA back in April:
This requires a working mail configuration.
The error message indicates that there is a mismatch in SSL versions. I have ran into this before with a weird VPS setup, though I am surprised this happens on DigitalOcean.
Quick workaround: set mail.options.tls.rejectUnauthorized to false in your configuration.
Better workaround: use the Mailgun API for transactional emails. DigitalOcean is starting to block standard SMTP ports, so sooner or later you probably won’t be able to send via SMTP after all.
Here’s how you can set that up (unfortunately not in the official docs):
As an alternative: you can also disable the device verification by setting security.staffDeviceVerification to false, though this does not solve the underlying issue with your transactional emails failing.