Could not send email: Could not convert socket to TLS

emartinez
I'm running on CentOS and everything is up to date according to the updater (ubersvn core = 12.03.9420-2)

I get this error in the logs:

ERROR (?:?) - Could not send email: Could not convert socket to TLS

My settings are:

SSL Off
SMTP Auth On
Username
Password

This configuration worked fine and was not updated or modified in any way for the past 3 months.

I see this in my mail server logs when I click on test on the mail server configuration page:

Mar 28 13:04:52 server sendmail[20388]: STARTTLS=server, error: accept failed=0, SSL_error=1, timedout=0, errno=0
Mar 28 13:04:52 server sendmail[20388]: STARTTLS=server: 20388:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1052:SSL alert number 46
Mar 28 13:04:52 server sendmail[20388]: q2SJ4q4h020388: xx.xx.xx.xx [nn.nn.nn.nn] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Any ideas to help debug this problem?

Is there a way to force it not to use TLS to see if that works?

Thanks!
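
The sendmail log lines in the post above can be decoded mechanically. The following is an added example, not part of the original thread and not code from uberSVN or sendmail: it pulls the TLS alert number out of sendmail's STARTTLS error lines and names it per RFC 5246. The function name `diagnose` and the fields it returns are assumptions made for illustration.

```python
import re

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
CERT_ALERTS = {
    42: ("bad_certificate", "corrupt, or a signature did not verify"),
    43: ("unsupported_certificate", "certificate type not supported"),
    44: ("certificate_revoked", "revoked by its signer"),
    45: ("certificate_expired", "expired or not currently valid"),
    46: ("certificate_unknown", "rejected for an unspecified reason"),
    48: ("unknown_ca", "chain does not reach a CA the peer trusts"),
}

# OpenSSL error as sendmail logs it: reporting routine, reason, alert number.
ALERT_RE = re.compile(
    r"sendmail\[(?P<pid>\d+)\]: STARTTLS=(?P<role>\w+): .*?"
    r"SSL routines:(?P<routine>\w+):(?P<reason>[^:]+):"
    r".*?SSL alert number (?P<num>\d+)"
)

def diagnose(log_lines):
    """Return one finding per STARTTLS line that carries a TLS alert number."""
    findings = []
    for line in log_lines:
        m = ALERT_RE.search(line)
        if m is None:
            continue
        num = int(m.group("num"))
        name, meaning = CERT_ALERTS.get(num, ("other", "not a certificate alert"))
        # OpenSSL reports an alert from its read routine when the alert was
        # received, i.e. the remote peer sent it and rejected the handshake.
        received = "READ_BYTES" in m.group("routine")
        findings.append({
            "pid": int(m.group("pid")),
            "role": m.group("role"),  # sendmail's side of the TLS session
            "alert": num, "name": name, "meaning": meaning,
            "sent_by": "remote peer" if received else "undetermined",
            "certificate_problem": num in CERT_ALERTS,
        })
    return findings

# The three log lines quoted in the post above.
SAMPLE_LOG = [
    "Mar 28 13:04:52 server sendmail[20388]: STARTTLS=server, error: accept failed=0, SSL_error=1, timedout=0, errno=0",
    "Mar 28 13:04:52 server sendmail[20388]: STARTTLS=server: 20388:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1052:SSL alert number 46",
    "Mar 28 13:04:52 server sendmail[20388]: q2SJ4q4h020388: xx.xx.xx.xx [nn.nn.nn.nn] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA",
]

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

For the lines in the post it reports alert 46, certificate_unknown, sent by the remote peer: with sendmail in the server role, the connecting SMTP client refused the certificate sendmail presented.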

emartinez
> mbooth wrote:
> Before this update, uberSVN did not use encryption even if the mail server advertised itself as supporting TLS. (Your server is advertising TLS encryption by use of the STARTTLS keyword.)
>
> After the update, if the mail server advertises itself as supporting TLS, uberSVN tries to upgrade the socket from unencrypted to TLS encrypted, which is what is happening here.
>
> A "Could not convert socket to TLS" error may happen if the mail server's certificate is invalid; the most probable cause is that the certificate is self-signed or has expired.
>
> So you have a few options, in order of most to least preferred:
>
> 1. Configure your mail server with a real certificate.
> 2. If your certificate is self-signed, add that to a trust store and configure uberSVN to use the trust store. (I can show you how to do this.)
> 3. Disable TLS advertisement on your mail server and go back to unencrypted communications.

In the environment I'm currently working in, a real certificate is not an option for this mail server. I'll have to go with option #2, which is to trust that self-signed certificate.

Can you please show me how to do that?

Thanks!
emartinez
After getting the correct certificate and following your instructions everything worked correctly.  Thanks!
MikeA
Hi,

I have the same problem as emartinez. For approximately 2 weeks our UberSVN server has not been able to send mail ("Could not send email: Could not convert socket to TLS"). The setup was never changed and had always worked well.

I tried to reproduce the steps from the post of 03-29-2012, 06:12 PM in this thread, but I have some trouble.

- I have only a *.cer file from the email server (from the admin) and not a *.crt like in the sample above => is that a problem?
- I cannot find the /opt/ubersvn/bin/ubersvncontrol file to add -Djavax.net.ssl.trustStore=/opt/ubersvn/conf/uber_keystore to the JAVA_OPTS variable

My UberSVN system:
OS: Win 2008 R2 Server x64
UberSVN version: 12.4-9777 - SVN 1.7

So can anybody help me?

Thanks in advance
Greetings
Mike
gbarrelet
> mbooth wrote:
> Sure.
>
> You need to download the server's certificate or get the admin to send you a copy of it, whichever is easier, then create a keystore:
>
>     $ /opt/ubersvn/jre/bin/keytool -importcert -alias MailServer -file MailServer.crt -keystore /opt/ubersvn/conf/uber_keystore
>
> Then add -Djavax.net.ssl.trustStore=/opt/ubersvn/conf/uber_keystore to the JAVA_OPTS variable in the /opt/ubersvn/bin/ubersvncontrol file and restart.
>
> Sorry this isn't easier; in the future it will be possible to configure this from the web interface.

Hi,

I am waiting impatiently for this feature, thinking that the last two updates had corrected it. Not yet, it seems. Are you working on it?

Thanks,
Guillaume.
austinm
The -trustcacerts option appears to have solved the "Could not convert socket to TLS" error. I can now send email!! Thanks a lot for the help!
ChrisADP
I'm so sorry to resurrect such an old post, but I'm still stuck here.

I'm on version 13.02.3008-1, currently running the server on a spare Win7 laptop we had. We are trying this out to see if we like it, then we'll put it on a VM.

I asked the email admin for a copy of the certificate, and sent him the link to this post. He said we don't have a self generated cert, and that it's a real one that's signed by a certificate authority.

However, I still get the "Could not convert socket to TLS" error.

Is there anything else I can check that might lead to helping solve this issue?

I appreciate any assistance,
Chris
