Incoming mail not working with webhook delivery method (SSL problem)

My incoming email stopped working after updating GitLab. After some googling I know that changing gitlab_rails['incoming_email_delivery_method'] to sidekiq makes it work, but according to "Add webhook delivery method to mailroom" (omnibus-gitlab merge request !5927), the webhook delivery method is better.

But with my config defaulting to webhook, incoming email is not working. I think the problem is in the SSL.

Here are my mailroom logs:

#<Thread:0x00007ff639e36020 /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/gitlab-mail_room-0.0.20/lib/mail_room/mailbox_watcher.rb:35 run> terminated with exception (report_on_exception is true):
2023-03-16_01:18:09.21794 /opt/gitlab/embedded/lib/ruby/2.7.0/net/protocol.rb:44:in `connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) (Faraday::SSLError)
2023-03-16_01:18:09.21797 	from /opt/gitlab/embedded/lib/ruby/2.7.0/net/protocol.rb:44:in `ssl_socket_connect'
2023-03-16_01:18:09.21799 	from /opt/gitlab/embedded/lib/ruby/2.7.0/net/http.rb:1009:in `connect'
2023-03-16_01:18:09.21799 	from /opt/gitlab/embedded/lib/ruby/2.7.0/net/http.rb:943:in `do_start'
2023-03-16_01:18:09.21800 	from /opt/gitlab/embedded/lib/ruby/2.7.0/net/http.rb:932:in `start'
2023-03-16_01:18:09.21801 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/faraday-net_http-3.0.2/lib/faraday/adapter/net_http.rb:112:in `request_with_wrapped_block'
2023-03-16_01:18:09.21801 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/faraday-net_http-3.0.2/lib/faraday/adapter/net_http.rb:102:in `perform_request'
2023-03-16_01:18:09.21802 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/faraday-net_http-3.0.2/lib/faraday/adapter/net_http.rb:66:in `block in call'
2023-03-16_01:18:09.21803 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/faraday-2.7.4/lib/faraday/adapter.rb:45:in `connection'
2023-03-16_01:18:09.21803 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/faraday-net_http-3.0.2/lib/faraday/adapter/net_http.rb:65:in `call'
2023-03-16_01:18:09.21815 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/faraday-2.7.4/lib/faraday/request/url_encoded.rb:25:in `call'
2023-03-16_01:18:09.21985 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/faraday-2.7.4/lib/faraday/rack_builder.rb:153:in `build_response'
2023-03-16_01:18:09.21986 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/faraday-2.7.4/lib/faraday/connection.rb:444:in `run_request'
2023-03-16_01:18:09.21987 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/faraday-2.7.4/lib/faraday/connection.rb:280:in `post'
2023-03-16_01:18:09.21987 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/gitlab-mail_room-0.0.20/lib/mail_room/delivery/postback.rb:78:in `deliver'
2023-03-16_01:18:09.21988 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/gitlab-mail_room-0.0.20/lib/mail_room/mailbox.rb:118:in `deliver'
2023-03-16_01:18:09.21988 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/gitlab-mail_room-0.0.20/lib/mail_room/mailbox_watcher.rb:32:in `block in run'
2023-03-16_01:18:09.21989 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/gitlab-mail_room-0.0.20/lib/mail_room/imap/connection.rb:138:in `map'
2023-03-16_01:18:09.21989 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/gitlab-mail_room-0.0.20/lib/mail_room/imap/connection.rb:138:in `process_mailbox'
2023-03-16_01:18:09.21991 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/gitlab-mail_room-0.0.20/lib/mail_room/imap/connection.rb:49:in `wait'
2023-03-16_01:18:09.21993 	from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/gitlab-mail_room-0.0.20/lib/mail_room/mailbox_watcher.rb:37:in `block in run'

My domain uses a wildcard SSL certificate; here is my SSL troubleshooting:

echo | /opt/gitlab/embedded/bin/openssl s_client -connect mydomain.tld:443
CONNECTED(00000003)
---
Certificate chain
 0 s:C = ID, L = Jakarta Pusat, O = [redacted], CN = [redacted]
   i:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
 1 s:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
 2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
---
Server certificate
-----BEGIN CERTIFICATE-----
[redacted]
-----END CERTIFICATE-----
subject=C = ID, L = Jakarta Pusat, O = [redacted], CN = [redacted]

issuer=C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4490 bytes and written 397 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 785F0FBA45FD472307C9D13BDB471F69251FED3F0570B9D33CB1A96DD5058893
    Session-ID-ctx: 
    Resumption PSK: 3A6A92B4A52E21CD6532A999CA83B8FBEA93C8B646D02F84D94334B829CB23AF56345518D7467E7BFB71680C784ED778
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 65 cc b5 ce 9d 0d 26 d5-75 3e 50 9f 08 61 35 fb   e.....&.u>P..a5.
    0010 - 9a 72 ae 04 03 c3 2a ea-56 87 02 c4 5a a5 3a a6   .r....*.V...Z.:.

    Start Time: 1678931011
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: CC90A0C195B410993C1C156134DDDD91F314D0F7236672D968037F7C1090A02E
    Session-ID-ctx: 
    Resumption PSK: 17627F28473647E907FCDDE74F6836D9E9C8565F5E5EC0CDAD8ABEB0F51584BCD0169E1334F40DA02559BE9E377B37AE
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 8e e3 72 5e dc 63 f2 0d-95 8a 88 9c a6 ce 2e 86   ..r^.c..........
    0010 - 99 60 27 8d a4 65 26 cb-78 b3 c8 5d ad c3 24 9c   .`'..e&.x..]..$.

    Start Time: 1678931011
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
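
An added example, not part of the original post: the error in the mailroom log is OpenSSL verify code 19, which Ruby returns when the server sends a self-signed root that is absent from the trust store the client consults. The sketch below uses a constructed three-certificate chain (all names are made up) to show the same chain failing or passing depending only on that trust store, which is how an `s_client` check and a Ruby HTTP client can disagree.

```ruby
require "openssl"

# Build one certificate of a constructed chain (sample data, not the poster's).
def make_cert(cn, key, serial, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Verify `leaf` the way a TLS client does: `sent_by_server` is untrusted
# material from the handshake, `trusted` is the client's own CA store.
def verify(leaf, sent_by_server, trusted)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, sent_by_server)
  # The message wording varies between OpenSSL versions; the code does not.
  { ok: ctx.verify, code: ctx.error, message: ctx.error_string }
end

def demo
  rk, ik, lk = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root  = make_cert("Constructed Root", rk, 1, ca: true)
  inter = make_cert("Constructed Intermediate", ik, 2, issuer: root, issuer_key: rk, ca: true)
  leaf  = make_cert("gitlab.example.test", lk, 3, issuer: inter, issuer_key: ik)
  {
    # Server sends the root, client store lacks it: code 19, as in the log.
    root_sent_not_trusted: verify(leaf, [inter, root], []),
    # Server omits the root and the store lacks it: a different code (20).
    root_missing: verify(leaf, [inter], []),
    # Same chain as the first case, root present in the store: passes.
    root_trusted: verify(leaf, [inter, root], [root]),
  }
end

demo.each { |name, result| puts "#{name}: #{result}" }
```

Ruby's compiled-in default store locations can be read from `OpenSSL::X509::DEFAULT_CERT_FILE` and `OpenSSL::X509::DEFAULT_CERT_DIR` when comparing against the store a command-line check used.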