Transactional email configuration through AWS SES not working

  • What’s your URL? This is the easiest way for others to debug your issue (but also tested on other domains on the same server)
  • What version of Ghost are you using?
    latest (3.14.10)
  • What configuration?
    AWS Ubuntu 18.04 EC2 + nginx + RDS MariaDB + SES
  • What browser?
    Chrome, but shouldn’t be browser bound
  • What errors or information do you see in the console?
    No error in the console
  • What steps could someone else take to reproduce the issue you’re having?
    Add AWS SES configuration to config.production.json as per

I’m trying to setup my transactional email after moving sites from DO to AWS and I run into some weird issues that I cannot seem to get past. I’m following the standard Ghost email config with the following setup:

"mail": {
"from": "'Daniel Lastname' <>",
"transport": "SMTP",
"options": {
  "host": "",
  "port": 465,
  "service": "SES",
  "auth": {
    "user": "********************",
    "pass": "****************************************"

All domains I have tested are validated in SES as well as the email addresses. All sites sit on the same server, but the error messages are slightly different (if members email si configured or not). All sites use the same SES credentials (full SES & SNS access) and the credentials are valid (as I’ve tested them on Wordpress sites with WP Offload SES Lite) and they work (SES region = Ireland, .i.e. eu-west-1).
Are you seeing this email? You are? Well awesome - that means you’re all set to start sending emails from your site via Amazon SES :tada:

For those sites where only transactional email is configured, the error is:
Failed to send email. Reason: Invalid login - 535 Authentication Credentials Invalid.
If I change port to 587, the error is the same as below.

For the site where I’ve also setup Mailgun for members email, the error is:
Failed to send email. Reason: 139644882831168:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:…/deps/openssl/openssl/ssl/record/ssl3_record.c:332: .

If I change the SES config with Mailgun SMTP config (port 587), the email test seems to work (mails arrived in the inbox).

There is no error showing up in nginx logs to debug this. There’s no firewall rule to block any traffic going out. I’ve tried with SMTP credentials with only SES Sending enabled and the error is the same. Any ideas what could cause this? Thanks!