Mailgun SSLv3 error in Docker after updating SSL certificate

I have had a blog running for about 3 months, with bulk and transactional email working just fine. I updated my SSL certificate, and now my bulk email is failing with an SSLv3 error (see full error message below). Everything I read online suggests that I need to use SMTP port 587 without secureConnection set to true, which is what I am currently doing.
The only change that was made before I experienced this error was updating my SSL certificate; immediately after that my transactional mail started failing. Does anyone have advice for how to get my transactional mail working again so my users can log in?

And

  • How was Ghost installed and configured?
    I installed Ghost via Docker. My docker config is listed below.
  • What Node version, database, OS & browser are you using?
    Node is version 14.18.0, database is mariadb, OS is ubuntu, browser is chrome.
  • What errors or information do you see in the console?
    I am able to send bulk email, but not transactional email.
  • What steps could someone else take to reproduce the issue you’re having?
    You can attempt to sign up as a member in order to receive the client-side error message. In order to reproduce this issue on your own server, I’m not sure what you would have to do.

Error message from my docker logs for ghost:

[2021-09-30 21:01:39] ERROR Failed to send email. Reason: 140500550887296:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
.

Failed to send email. Reason: 140500550887296:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
.

"Please see https://ghost.org/docs/config/#mail for instructions on configuring email."

Error ID:
    9b832d90-2231-11ec-9a97-99928509b4bf

Error Code:
    ESOCKET

----------------------------------------

EmailError: Failed to send email. Reason: 140500550887296:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
.
    at createMailError (/var/lib/ghost/versions/4.16.0/core/server/services/mail/GhostMailer.js:59:12)
    at GhostMailer.sendMail (/var/lib/ghost/versions/4.16.0/core/server/services/mail/GhostMailer.js:119:19)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async GhostMailer.send (/var/lib/ghost/versions/4.16.0/core/server/services/mail/GhostMailer.js:105:26)
    at async MagicLink.sendMagicLink (/var/lib/ghost/versions/4.16.0/node_modules/@tryghost/magic-link/lib/MagicLink.js:62:22)
    at async RouterController.sendMagicLink (/var/lib/ghost/versions/4.16.0/node_modules/@tryghost/members-api/lib/controllers/router.js:236:17)

Error: 140500550887296:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:


[2021-09-30 21:01:39] INFO "POST /members/api/send-magic-link/" 500 219ms

Docker Config:

version: '3'


networks:
  frontend:
  backend:

volumes:
  vol-db:

services:

  traefik:
    image: traefik:alpine
    command:
        - --entryPoints=Name:http Address::80 Redirect.EntryPoint:https
        - --entryPoints=Name:https Address::443 TLS
        - --defaultEntryPoints=http,https
        - --docker
        - --docker.endpoint=unix:///var/run/docker.sock
        - --docker.domain=domain.localhost
        - --docker.watch=true
        - --acme
        - --acme.storage=/etc/traefik/acme/acme.json
        - --acme.email=${ACME_EMAIL}
        - --acme.OnHostRule=true
        - --acme.entryPoint=https
        - --acme.httpChallenge.entrypoint=http
    restart: unless-stopped
    networks:
      - backend
      - frontend
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./config/acme:/etc/traefik/acme
    ports:
      # Map port 80 and 443 on the host to this container.
      - "80:80"
      - "443:443"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=frontend"
      - "traefik.frontend.rule=Host:${DOMAINS_TRAEFIK}"
      - "traefik.port=8080"
      - "traefik.protocol=http"
      - "traefik.frontend.auth.basic=${BASIC_AUTH}"


  watchtower:
    image: v2tec/watchtower:latest
    command: --cleanup --schedule "0 0 0 * * *"
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock



  db:
    # https://hub.docker.com/_/mariadb/
    image: mariadb:10.3
    command: --max_allowed_packet=256M
    restart: unless-stopped
    networks:
      - backend
    volumes:
      # Ensure the database persists between restarts.
      - vol-db:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
      MYSQL_DATABASE: ${DB_NAME}
      MYSQL_USER: ${DB_USER}
      MYSQL_PASSWORD: ${DB_PASSWORD}




  ghost:
    image: ghost
    restart: unless-stopped
    links:
      - db
    networks:
      - backend
      - frontend
    volumes:
      - /home/jackson/Ghost:/var/lib/ghost/content
    labels:
      - "traefik.docker.network=frontend"
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:${DOMAINS_BLOG}"
      - "traefik.port=${TRAEFIK.PORT}"
      - "traefik.protocol=http"
    environment:
      url: ${BLOG_URL}
      database__client: mysql
      database__connection__host: db
      database__connection__database: ${DB_NAME}
      database__connection__user: ${DB_USER}
      database__connection__password: ${DB_PASSWORD}
      mail__transport: SMTP
      mail__options__service: 'Mailgun'
      mail__options__port: 587
      mail__options__auth__user: '${EMAIL_ADDRESS@mg.twelvetables.blog}'
      mail__options__auth__pass: ${MAILGUN_PASSWORD}

      mail__options__host: 'smtp.mailgun.org'

After more reading I found the solution here: Un-noticed(?) email config change in 4.15/16 - #6 by daniellockyer

Transactional emails are up and running smoothly again after adding mail__options__secure: 'false' to my docker-compose file!

1 Like