SSL error when sending mail via SMTP

Hello everybody,

I have configured SMTP for my GitLab instance, however the e-mail delivery fails. Here is the output of troubleshooting via the Rails console:

➜  ~ gitlab-rails console
--------------------------------------------------------------------------------
 Ruby:         ruby 3.0.6p216 (2023-03-30 revision 23a532679b) [x86_64-linux]
 GitLab:       16.0.1 (34d6370bacd) FOSS
 GitLab Shell: 14.20.0
 PostgreSQL:   13.8
------------------------------------------------------------[ booted in 45.67s ]
Loading production environment (Rails 6.1.7.2)
irb(main):001:0> ActionMailer::Base.smtp_settings
=> {:user_name=>nil, :password=>nil, :address=>"[MASKED]", :port=>25, :ca_file=>"/opt/gitlab/embedded/ssl/certs/cacert.pem", :open_timeout=>30, :read_timeout=>60}
irb(main):002:0> Notify.test_email('[MASKED]', 'Hello World', 'This is a test message').deliver_now
Delivered mail 6475a8dc55a0a_177adb3174907fb@zhm-lm00.mail (85.7ms)
/opt/gitlab/embedded/lib/ruby/gems/3.0.0/gems/net-protocol-0.1.3/lib/net/protocol.rb:46:in `connect_nonblock': SSL_connect returned=1 errno=0 peeraddr=128.127.50.150:25 state=error: certificate verify failed (self signed certificate in certificate chain) (OpenSSL::SSL::SSLError)

As you can see, no TLS has been configured for SMTP; that’s why I am confused about the error. Does anybody know how to troubleshoot this further?

The error shows that you are using self-signed certificates. I’m guessing you configured gitlab.rb similar to the example config below?

# gitlab_rails['smtp_enable'] = true
# gitlab_rails['smtp_address'] = "smtp.server"
# gitlab_rails['smtp_port'] = 465
# gitlab_rails['smtp_user_name'] = "smtp user"
# gitlab_rails['smtp_password'] = "smtp password"
# gitlab_rails['smtp_domain'] = "example.com"
# gitlab_rails['smtp_authentication'] = "login"
# gitlab_rails['smtp_enable_starttls_auto'] = true
# gitlab_rails['smtp_tls'] = false
# gitlab_rails['smtp_pool'] = false

If so, then what you need to do is also disable certificate verification because self-signed certs are unable to be verified:

# gitlab_rails['smtp_openssl_verify_mode'] = 'none'

Uncomment that option and run reconfigure for GitLab after this. Then check it again and it should work. Alternatively, on your email server use trusted commercial certificates that you purchase.

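An added example (not part of the thread and not GitLab's code) that reproduces the "self signed certificate in certificate chain" failure with Ruby's OpenSSL bindings and shows that it goes away, with verification still enabled, once the issuing CA is a trust anchor on the client. The certificate names and the two-certificate test PKI are constructed for illustration; trusting a private CA instead of setting the verify mode to 'none' is an assumption about what fits a given mail server.

```ruby
require "openssl"

# Build a certificate; it is a self-signed CA when no issuer is given.
def make_cert(subject, key, serial, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  constraint = issuer ? "CA:FALSE" : "CA:TRUE"
  cert.add_extension(ef.create_extension("basicConstraints", constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify `leaf` the way a TLS client with verification enabled does:
# only certificates in `trusted_roots` count as trust anchors, while
# `presented_chain` (what the server sends) is untrusted helper material.
def verify_chain(leaf, presented_chain, trusted_roots)
  store = OpenSSL::X509::Store.new # starts empty, no system CA bundle loaded
  trusted_roots.each { |root| store.add_cert(root) }
  ok = store.verify(leaf, presented_chain)
  { ok: ok, code: store.error, reason: store.error_string }
end

# Constructed test PKI (made-up names): private root CA plus a mail server cert.
CA_KEY   = OpenSSL::PKey::RSA.new(2048)
CA_CERT  = make_cert("/CN=Example Internal Root CA", CA_KEY, 1)
SRV_KEY  = OpenSSL::PKey::RSA.new(2048)
SRV_CERT = make_cert("/CN=smtp.example.internal", SRV_KEY, 2,
                     issuer: CA_CERT, issuer_key: CA_KEY)

# 1) Server sends leaf + root, client does not trust the root: same failure
#    class as in the console output above.
UNTRUSTED = verify_chain(SRV_CERT, [CA_CERT], [])
# 2) Root added as a trust anchor: verification stays on and passes.
TRUSTED = verify_chain(SRV_CERT, [CA_CERT], [CA_CERT])

puts "CA not trusted: #{UNTRUSTED}"
puts "CA trusted:     #{TRUSTED}"
```

With verification set to 'none' neither check runs, so any certificate presented on the SMTP connection would be accepted.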

Amazing! It works like a charm!

However, I still don’t understand: did the default behavior change? My configuration used to work for months.

Also, my assumption was that commented-out lines show the default configuration but it turned out not to be the case.


Yeah, it seems not all the options are treated like defaults. One or two other options I use (not related to email) required to be uncommented before they worked as they should.