Member API: Send Magic Link | Ressource not found (500)

Hello together,

I’ve recently updated to

  • ghost 4.16.0
  • ghost-cli 1.17.3

Since I’ve updated ghost, error occur when trying to send the magic link in order to registrate for the newsletter.

The following error is thrown Failed to load resource: the server responded with a status of 500 ()

while the .json-response for /members/api/send-magic-link/ looks as follows:

{"errors":[{"message":"Resource not found","context":null,"type":"NotFoundError","details":null,"property":null,"help":null,"code":null,"id":"03631ad0-2028-11ec-af99-c329db18a6d9"}]}

There must be any issue with Nodemailer or the existence of paths. Does anyone have a hint on how to proceed from here and solve the issue?

Edit: Due to the critical security vulnerability, the path /members/api/send-magic-link/ a new endpoint has been established. That’s at least what I’ve understood from Member account takeover · Advisory · TryGhost/Ghost · GitHub

However, I am not sure now how to proceed

Best regards

Could you please share the error logs from your server too so we can help you debug? :slight_smile:

Hi Fabien,

thanks for the reply. Attached you find the error logs

{
    "name": "Log",
    "hostname": "ghost-ubuntu-s-4vcpu-8gb-amd-fra1-01",
    "pid": 1226277,
    "level": 50,
    "err": {
        "id": "287663d0-2051-11ec-9ad4-27d8fa2b4118",
        "domain": "https://bitcoin-2go.de",
        "code": "ESOCKET",
        "name": "EmailError",
        "statusCode": 500,
        "level": "normal",
        "message": "Failed to send email. Reason: 140005995779968:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:\n.",
        "help": "\"Please see https://ghost.org/docs/config/#mail for instructions on configuring email.\"",
        "stack": "EmailError: Failed to send email. Reason: 140005995779968:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:\n.\n    at createMailError (/var/www/ghost/versions/4.15.1/core/server/services/mail/GhostMailer.js:59:12)\n    at GhostMailer.sendMail (/var/www/ghost/versions/4.15.1/core/server/services/mail/GhostMailer.js:119:19)\n    at processTicksAndRejections (internal/process/task_queues.js:93:5)\n    at async GhostMailer.send (/var/www/ghost/versions/4.15.1/core/server/services/mail/GhostMailer.js:105:26)\n    at async MagicLink.sendMagicLink (/var/www/ghost/versions/4.15.1/node_modules/@tryghost/magic-link/lib/MagicLink.js:62:22)\n    at async RouterController.sendMagicLink (/var/www/ghost/versions/4.15.1/node_modules/@tryghost/members-api/lib/controllers/router.js:236:17)\n\nError: 140005995779968:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:\n"
    },
    "msg": "Failed to send email. Reason: 140005995779968:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:\n.",
    "time": "2021-09-28T11:42:28.494Z",
    "v": 0
}

Ah that looks like you’ve run into the same issue as this!

You should be able to update your config to use secure instead of secureConnection - we’ll get a fix for this in the next release

1 Like

Indeed, I did run into the same issue.

With the provided link I was able to fix the problem. Appreciate the quick response :slight_smile: Have a great day!

2 Likes

I am running into this same issue. I’m hosting on DigitalOcean, and here’s a copy of my mail settings in config.production.json (user/pass intentionally removed). I am able to get the newsletters, but I can’t login as a subscriber.

  "mail": {
    "transport": "SMTP",
    "options": {
      "service": "Mailgun",
      "host": "smtp.mailgun.org",
      "auth": {
        "user": "removed",
        "pass": "removed"
      }
    }
  }
2 Likes

did you resolved, ihave the same problem, but i’m using a different domani from the site domain so i don’t understand

I’ve solved this by using SendGrid’s SMTP & API key. (Mailgun API key still used inside Ghost Admin)

Had the same issue I solved it by using this inside config.production.json. Took me 2 days to figure it out. Used telnet to see which ports were open, changed it to 587 and then changed the secure option to false. Works perfectly. Leaving this here for my future self to find it :slight_smile:

"mail": {
    "transport": "SMTP",
    "options": {
      "service": "Mailgun",
      "host": "smtp.eu.mailgun.org",
      "port": 587,
      "secureConnection": false,
      "auth": {
        "user": "mail@domain.com",
        "pass": "password"
      }
    }
  },