[GH-ISSUE #264] self-signed certificate error when attempting to send an email #3308

New Issue

Closed

opened 2026-04-20 07:14:25 -05:00 by GiteaMirror · 5 comments

GiteaMirror commented 2026-04-20 07:14:25 -05:00

Owner

Copy Link

Originally created by @Nightreaper77 on GitHub (Mar 2, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/264

When attempting to send an email after configuring SMTP, I am getting the following error:

2025-02-22T22:27:34.217Z [error]: self-signed certificate
Stack: Error: self-signed certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1677:34)
    at TLSSocket.emit (node:events:518:28)
    at TLSSocket._finishInit (node:_tls_wrap:1076:8)
    at ssl.onhandshakedone (node:_tls_wrap:862:12)
    at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17) {"code":"ESOCKET","command":"CONN"}

I'm using ProtonMail Bridge as my SMTP server (unofficial docker container here: shenxn/protonmail-bridge-docker)

Relatively confident that the SMTP server is setup correctly, as I'm using the same configuration for other services like Nextcloud and they are working fine.

Here's my smtp configuration from config/config.yml:

email:
    smtp_host: "ip_address"
    smtp_port: 1025
    smtp_user: "username"
    smtp_pass: "password"
    no_reply: "email(same as username)"
    smtp_secure: false

ProtonMail Bridge is meant to use STARTTLS, which is normally configured as insecure, but I did try smtp_secure as well and got a TLS version mismatch (as expected).

Since it's a self-signed cert error, I imagine a config option could be added to ignore certificate warnings, but not sure.

Originally created by @Nightreaper77 on GitHub (Mar 2, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/264 When attempting to send an email after configuring SMTP, I am getting the following error: ``` 2025-02-22T22:27:34.217Z [error]: self-signed certificate Stack: Error: self-signed certificate at TLSSocket.onConnectSecure (node:_tls_wrap:1677:34) at TLSSocket.emit (node:events:518:28) at TLSSocket._finishInit (node:_tls_wrap:1076:8) at ssl.onhandshakedone (node:_tls_wrap:862:12) at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17) {"code":"ESOCKET","command":"CONN"} ``` I'm using ProtonMail Bridge as my SMTP server (unofficial docker container here: shenxn/protonmail-bridge-docker) Relatively confident that the SMTP server is setup correctly, as I'm using the same configuration for other services like Nextcloud and they are working fine. Here's my smtp configuration from config/config.yml: ``` email: smtp_host: "ip_address" smtp_port: 1025 smtp_user: "username" smtp_pass: "password" no_reply: "email(same as username)" smtp_secure: false ``` ProtonMail Bridge is meant to use STARTTLS, which is normally configured as insecure, but I did try smtp_secure as well and got a TLS version mismatch (as expected). Since it's a self-signed cert error, I imagine a config option could be added to ignore certificate warnings, but not sure.

GiteaMirror closed this issue 2026-04-20 07:14:25 -05:00

GiteaMirror commented 2026-04-20 07:14:27 -05:00

Author

Owner

Copy Link

@miloschwartz commented on GitHub (Mar 3, 2025):

We use Nodemailer under the hood to send emails. I found this article that shows the following in the config.

tls: {
  rejectUnauthorized: false
}

Wondering if you think this would do the trick? I can expose this via the config file for you to test in the next release.

<!-- gh-comment-id:2693007897 --> @miloschwartz commented on GitHub (Mar 3, 2025): We use Nodemailer under the hood to send emails. I found [this article](https://dev.to/polluterofminds/how-to-use-protonmail-with-nodemailer-5c4l) that shows the following in the config. ```typescript tls: { rejectUnauthorized: false } ``` Wondering if you think this would do the trick? I can expose this via the config file for you to test in the next release.

GiteaMirror commented 2026-04-20 07:14:27 -05:00

Author

Owner

Copy Link

@Nightreaper77 commented on GitHub (Mar 3, 2025):

Yeah that definitely looks like the correct option. I'll test on next release. Thanks for the quick reply!

<!-- gh-comment-id:2693022890 --> @Nightreaper77 commented on GitHub (Mar 3, 2025): Yeah that definitely looks like the correct option. I'll test on next release. Thanks for the quick reply!

GiteaMirror commented 2026-04-20 07:14:28 -05:00

Author

Owner

Copy Link

@Nightreaper77 commented on GitHub (Mar 3, 2025):

Built from dev branch and confirmed that it does indeed fix the issue. Thanks!

<!-- gh-comment-id:2693224020 --> @Nightreaper77 commented on GitHub (Mar 3, 2025): Built from dev branch and confirmed that it does indeed fix the issue. Thanks!

GiteaMirror commented 2026-04-20 07:14:28 -05:00

Author

Owner

Copy Link

@miloschwartz commented on GitHub (Mar 3, 2025):

Awesome! Just fixed the typo in the config variable name.

<!-- gh-comment-id:2693245262 --> @miloschwartz commented on GitHub (Mar 3, 2025): Awesome! Just fixed the typo in the config variable name.

GiteaMirror commented 2026-04-20 07:14:29 -05:00

Author

Owner

Copy Link

@reg98643t commented on GitHub (Jul 7, 2025):

Sorry to resurrect this thread, but what do I put in my config.yml to make this work? I have the same issue with PM Bridge.

Edit: nevermind, if anyone stumbles on this it's

smtp_tls_reject_unauthorized: false

<!-- gh-comment-id:3046734976 --> @reg98643t commented on GitHub (Jul 7, 2025): Sorry to resurrect this thread, but what do I put in my config.yml to make this work? I have the same issue with PM Bridge. Edit: nevermind, if anyone stumbles on this it's > smtp_tls_reject_unauthorized: false

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

dependabot/npm_and_yarn/prod-patch-updates-64dd675a88

dependabot/npm_and_yarn/dev-minor-updates-10ef4f0f15

dependabot/docker/node-26-alpine

dependabot/docker/docker/library/node-26-slim

dependabot/npm_and_yarn/multi-7bdfbe8666

crowdin_dev

resource-policies

redis

newt-install-commands

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

miloschwartz-patch-2

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

dependabot/npm_and_yarn/next-intl-4.9.1

cross-org-idp

update-readme

miloschwartz-patch-1

breakout-sites-tables

revert-2766-feature/systemd-install-instructions

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1.18.3

1.18.3-s.1

1.18.3-s.0

1.18.2-s.5

1.18.2-s.4

1.18.2-s.3

1.18.2-s.2

1.18.2-s.1

1.18.2

1.18.2-s.0

1.18.1-s.7

1.18.1-s.6

1.18.1-s.5

1.18.1-s.4

1.18.1-s.3

1.18.1-s.2

1.18.1

1.18.1-s.1

1.18.1-s.0

1.18.0-s.2

1.18.0-s.1

1.18.0

1.18.0-s.0

1.17.1-s.7

1.17.1-s.6

1.18.0-rc.0

1.17.1-s.5

1.17.1-s.4

1.17.1-s.3

1.17.1

1.17.1-s.2

1.17.1-s.1

1.17.1-s.0

1.17.0-s.4

1.17.0

1.17.0-s.3

1.17.0-s.2

1.17.0-s.1

1.17.0-s.0

1.17.0-rc.0

1.16.2-s.22

1.16.2-s.21

1.16.2-s.20

1.16.2-s.19

1.16.2-s.18

1.16.2-s.17

1.16.2-s.16

1.16.2-s.15

1.16.2-s.14

1.16.2-s.13

1.16.2-s.12

1.16.2-s.11

1.16.2-s.10

1.16.2-s.9

1.16.2-s.8

1.16.2-s.7

1.16.2-s.6

1.16.2-s.5

1.16.2-s.4

1.16.2-s.3

1.16.2-s.2

1.16.2-s.1

1.16.2

1.16.2-s.0

1.16.1-s.1

1.16.1

1.16.1-s.0

1.16.0

1.16.0-s.1

1.16.0-s.0

1.16.0-rc.0

1.15.4-s.10

1.15.4-s.9

1.15.4-s.8

1.15.4-s.7

1.15.4-s.6

1.15.4-s.5

1.15.4-s.4

1.15.4-s.3

1.15.4-s.2

1.15.4-s.1

1.15.4

1.15.4-s.0

1.15.3

1.15.3-s.1

1.15.3-s.0

1.15.2

1.15.1-s.1

1.15.1-s.0

1.15.1

1.15.0-s.5

1.15.0

1.15.0-s.4

1.15.0-s.3

1.15.0-s.2

1.15.0-s.1

1.15.0-s.0

1.15.0-rc.0

1.14.1-s.3

1.14.1-s.2

1.14.1-s.1

1.14.1-s.0

1.14.1

1.14.0-s.2

1.14.0

1.14.0-rc.0

1.13.1

1.13.1-s.0

1.13.0

1.13.0.s.0

1.13.0-rc.0

1.12.2-s.5

1.12.3

1.12.2-s.4

1.12.2-s.3

1.12.2-s.2

1.12.2-s.1

1.12.2

1.12.2-s.0

1.12.1

1.12.0

1.12.0-s.0

1.12.0-rc.0

1.11.1

1.11.1-s.0

1.11.0-s.5

1.11.0

1.11.0-s.4

1.11.0-s.3

1.11.0-s.2

1.11.0-s.1

1.11.0-s.0

1.10.3

1.10.2

1.10.1

1.10.0

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

1.8.0

1.7.3

1.7.2

1.7.1

1.7.0

1.6.2

1.6.1

1.6.0

1.5.1

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.1

1.0.0

1.0.0-beta.15

1.0.0-beta.14

1.0.0-beta.13

1.0.0-beta.12

1.0.0-beta.11

1.0.0-beta.10

1.0.0-beta.9

1.0.0-beta.8

1.0.0-beta.7

1.0.0-beta.6

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

api

authentication

bug

config

dependencies

docker

documentation

enhancement

good first issue

help wanted

Improvement

Look Into

needs investigating

networking

new feature

non-critical bug

potential bug

pull-request

Mirrored from GitHub Pull Request

question

reverse proxy

Security

stale

ui

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#3308