No announcement yet.

Problems with SMTP connection by TLS

  • Filter
  • Time
  • Show
Clear All
new posts

  • Problems with SMTP connection by TLS


    I have e fresh installed EspoCRM (4.4.1) running under Debian with Apache 2.4 and PHP 7.0 (exact Version 7.0.16). I try to configure the Email account for outgoing Emails by using our Windows Exchange Server 2010 via SMTP. In a first step I've got always the error "Could not open socket, Code: 500 URL: /api/v1/Email/action/sendTestEmail [] []"
    After some investigation I could fix this error by inserting the Statement 'openssl.cafile' in the php.ini. But now I get another error. That's the snippet from the log:
    [2017-02-27 14:02:27] Espo.WARNING: E_WARNING: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed {"code":2,"message":"stream_socket_enable_crypto() : SSL operation failed with code 1. OpenSSL Error messages:\nerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed","file":"/var/www/crm/vendor/zendframework/zend-mail/src/Protocol/Smtp.php","line":178,"context":{"host":"admin"}} []
    [2017-02-27 14:02:27] Espo.ERROR: API [POST]:/:controller/action/:action, Params:Array ( [controller] => Email [action] => sendTestEmail ) , InputData: {"server":"XXX.XXX.XXX.XXX","port":587,"auth":true ,"security":"TLS","username":"XYZUser","password": "*****","fromName":"","fromAddress":""," type":"outboundEmail","emailAddress":""} - Unable to connect via TLS [] []
    [2017-02-27 14:02:27] Espo.ERROR: Display Error: Unable to connect via TLS, Code: 500 URL: /api/v1/Email/action/sendTestEmail [] []
    It seems, that the System is using the host "admin" instead of the real name/IP adress. And I have no idea where I can fix it.

    Can anyone help me?

  • #2

    This error is associated with a self-signed certificate on the server.

    2 solutions:
    1. Use the correct certificate on the server (Let's Encrypt or other)
    2. Make changes to the certificate validation when connecting via SSL.

    change function _connect.
    PHP Code:
    // open connection
    $this->socket = @stream_socket_client($remote$errorNum$errorStrself::TIMEOUT_CONNECTION); 
    PHP Code:
    $contextOptions = array(
    'ssl' => array(
    'verify_peer' => false,
    'verify_peer_name' => false

    $context stream_context_create($contextOptions);

    // open connection
    $this->socket = @stream_socket_client($remote$errorNum$errorStrself::TIMEOUT_CONNECTIONSTREAM_CLIENT_CONNECT$context); 


    • #3
      This solution worked fine until the last update (5.9.0). Is there a new solution for this problem?

      Many thanks


      • #4
        zendframework was renamed to laminas. You need to make the same changed in vendor/laminas.


        • #5
          I already tried this, emptied the cache, restarted the webserver and reloaded the page. But still the same error ...


          • #6
            Is your error exactly like the first post? If not perhaps trying copy/paste it and someone might be able to provide insight.

            Considering you have (full?) access to your Server, why not use Let's Encrypt SSL?


            • #7
              the error points to an invalid certificate (self-signed). The exact errormessage is: Fehler 500: Could not open socket: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:, error:1416F086:SSL routines:tls_process_server_certificate:certificat e verify failed

              The reason was my self-signed certificate, which normally doesn't cause trouble after I added the lines from the second post.

              My solution is now: I installed a Let's Encrypt certificate and this fixed my problem (at least for the next 90 days).


              • #8
                Originally posted by boris View Post
                My solution is now: I installed a Let's Encrypt certificate and this fixed my problem (at least for the next 90 days).
                Glad to hear you found a solutions. My host only give 1 SSL, if I want more I have to manually do it with Let's Encrypt. Fortunately there is a system where you can make this automated, perhaps look into that. My host won't let me but sound like you have free reign in your server:

                Please refer to here: