Problems with SMTP connection by TLS

  • Problems with SMTP connection by TLS

    Hello,

    I have a freshly installed EspoCRM (4.4.1) running under Debian with Apache 2.4 and PHP 7.0 (exact version 7.0.16). I am trying to configure the email account for outgoing emails by using our Windows Exchange Server 2010 via SMTP. In a first step I always got the error "Could not open socket, Code: 500 URL: /api/v1/Email/action/sendTestEmail [] []"
    After some investigation I could fix this error by inserting the Statement 'openssl.cafile' in the php.ini. But now I get another error. That's the snippet from the log:
    ------------------
    [2017-02-27 14:02:27] Espo.WARNING: E_WARNING: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed {"code":2,"message":"stream_socket_enable_crypto() : SSL operation failed with code 1. OpenSSL Error messages:\nerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed","file":"/var/www/crm/vendor/zendframework/zend-mail/src/Protocol/Smtp.php","line":178,"context":{"host":"admin"}} []
    [2017-02-27 14:02:27] Espo.ERROR: API [POST]:/:controller/action/:action, Params:Array ( [controller] => Email [action] => sendTestEmail ) , InputData: {"server":"XXX.XXX.XXX.XXX","port":587,"auth":true ,"security":"TLS","username":"XYZUser","password": "*****","fromName":"","fromAddress":"XYZ@XXX.de"," type":"outboundEmail","emailAddress":"ABC@DEF.de"} - Unable to connect via TLS [] []
    [2017-02-27 14:02:27] Espo.ERROR: Display Error: Unable to connect via TLS, Code: 500 URL: /api/v1/Email/action/sendTestEmail [] []
    ------------------
    It seems that the system is using the host "admin" instead of the real name/IP address. And I have no idea where I can fix it.

    Can anyone help me?

  • #2
    Hi!

    This error is associated with a self-signed certificate on the server.

    2 solutions:
    1. Use the correct certificate on the server (Let's Encrypt or other)
    2. Make changes to the certificate validation when connecting via SSL.

    Code:
    vendor/zendframework/zend-mail/src/Protocol/AbstractProtocol.php
    change function _connect.
    replace
    PHP Code:
    // open connection
    $this->socket = @stream_socket_client($remote, $errorNum, $errorStr, self::TIMEOUT_CONNECTION);
    with
    PHP Code:
    // disable certificate and host name verification for this connection
    $contextOptions = array(
        'ssl' => array(
            'verify_peer' => false,
            'verify_peer_name' => false
        )
    );

    $context = stream_context_create($contextOptions);

    // open connection
    $this->socket = @stream_socket_client($remote, $errorNum, $errorStr, self::TIMEOUT_CONNECTION, STREAM_CLIENT_CONNECT, $context);


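As an alternative to switching verification off, the server's self-signed certificate (or the internal CA that issued it) can be trusted explicitly and the expected certificate name supplied. The script below is an added example, not part of the original post or of EspoCRM or zend-mail; the function names, the EHLO name and the command-line arguments are assumptions.

```php
<?php
// Added example: trust the server's own CA instead of disabling verification.

/** Read one (possibly multi-line) SMTP reply and require the given status code. */
function smtpExpect($socket, string $code): string
{
    do {
        $line = fgets($socket);
        if ($line === false || strncmp($line, $code, 3) !== 0) {
            throw new RuntimeException('Unexpected SMTP reply: ' . var_export($line, true));
        }
    } while (isset($line[3]) && $line[3] === '-'); // "250-" marks a continuation line
    return $line;
}

/** Connect, issue STARTTLS and verify the certificate against $caFile and $peerName. */
function smtpStartTlsVerified(string $host, int $port, string $caFile, string $peerName)
{
    $context = stream_context_create(['ssl' => [
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'cafile'           => $caFile,   // PEM export of the self-signed cert or internal CA
        'peer_name'        => $peerName, // name in the certificate; needed when $host is an IP
    ]]);
    $socket = stream_socket_client("tcp://$host:$port", $errNo, $errStr, 30,
        STREAM_CLIENT_CONNECT, $context);
    if ($socket === false) {
        throw new RuntimeException("Could not open socket: $errStr ($errNo)");
    }
    smtpExpect($socket, '220');                      // server greeting
    fwrite($socket, "EHLO crm.example.test\r\n");    // placeholder client name
    smtpExpect($socket, '250');
    fwrite($socket, "STARTTLS\r\n");
    smtpExpect($socket, '220');
    // The handshake fails here if the chain does not lead to $caFile or the name differs.
    if (stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        throw new RuntimeException('TLS handshake failed (see the OpenSSL warning for the reason)');
    }
    return $socket;
}

// CLI usage (all four values are supplied by the operator):
//   php smtp_tls_check.php <host> <port> <ca.pem> <name-in-certificate>
if (PHP_SAPI === 'cli' && isset($argv[4])) {
    $socket = smtpStartTlsVerified($argv[1], (int) $argv[2], $argv[3], $argv[4]);
    fwrite($socket, "QUIT\r\n");
    fclose($socket);
    echo "Certificate chain and name verified\n";
}
```

The same `ssl` options can take the place of the two `false` values in the context array shown in the post above.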

    • #3
      This solution worked fine until the last update (5.9.0). Is there a new solution for this problem?

      Many thanks



      • #4
        zendframework was renamed to laminas. You need to make the same changes in vendor/laminas.



        • #5
          I already tried this, emptied the cache, restarted the webserver and reloaded the page. But still the same error ...



          • #6
            Is your error exactly like the first post? If not, perhaps try copy/pasting it and someone might be able to provide insight.

            Considering you have (full?) access to your Server, why not use Let's Encrypt SSL?



            • #7
              Hi,
              the error points to an invalid certificate (self-signed). The exact error message is: Fehler 500: Could not open socket: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:, error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

              The reason was my self-signed certificate, which normally doesn't cause trouble after I added the lines from the second post.

              My solution is now: I installed a Let's Encrypt certificate and this fixed my problem (at least for the next 90 days).



              • #8
                Originally posted by boris
                My solution is now: I installed a Let's Encrypt certificate and this fixed my problem (at least for the next 90 days).
                Glad to hear you found a solution. My host only gives 1 SSL; if I want more I have to manually do it with Let's Encrypt. Fortunately there is a system where you can make this automated, perhaps look into that. My host won't let me, but it sounds like you have free rein on your server:

                Please refer to here:
                https://certbot.eff.org/
