Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Outbound SSL log entry: "error=ERR_TLS_CERT_ALTNAME_INVALID"

    Support
    mail certificates
    3
    10
    458
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • d19dotca
      d19dotca last edited by girish

      I was reviewing some mail logs on my server today and found this:

      2020-10-26T23:45:45.000Z [INFO] [5DBEA39F-1F3F-47D4-9657-B2E73169F4EF.1.1] [outbound] secured verified=false cipher=TLS_AES_256_GCM_SHA384 version=TLSv1.3 error=ERR_TLS_CERT_ALTNAME_INVALID cn=mail.<domain> organization="" issuer="Let's Encrypt" expires="Jan 23 02:21:38 2021 GMT" fingerprint=79:81:76:C6:C4:21:FC:0D:23:B7:AB:CA:A9:42:D6:AB:6D:64:F0:2B
      

      I don't recall seeing that error before. As best I can tell, everything is working though. I am raising it simply because I've made two changes recently in the past two weeks, and perhaps one of these triggered this issue? I'm curious if this is something that needs to be fixed or if it can be ignored.

      The changes I made recently were:

      • Changed mail subdomain from my.<domain> to mail.<domain>.
      • Changed the DNS provider, resulting in new certificates being generated for the <domain>.

      Any thoughts? Anything I need to do to fix this?

      --
      Dustin Dauncey
      www.d19.ca

      1 Reply Last reply Reply Quote 0
      • nebulon
        nebulon Staff last edited by

        Looks like the mail domain name change caused this and the certificate is somehow wrong. Can you see if you maybe just hit https://forum.cloudron.io/topic/3186/how-to-fix-email-certificate-issue-in-5-6/2?_=1603190711357 ?

        1 Reply Last reply Reply Quote 0
        • girish
          girish Staff last edited by

          Do you see this many times (like for every mail being sent out?) or is just one log?

          d19dotca 1 Reply Last reply Reply Quote 0
          • d19dotca
            d19dotca @girish last edited by

            @girish I see it many times now that I look deeper into it. When I export the full raw logs for email, and search for "ERR_TLS_CERT_ALTNAME_INVALID", I see it finds it 393 times and that's just in just a one day period by the looks of it (26-27th).

            @nebulon I will see if that fixes it, will report back soon.

            --
            Dustin Dauncey
            www.d19.ca

            d19dotca 1 Reply Last reply Reply Quote 0
            • d19dotca
              d19dotca @d19dotca last edited by

              More a note for myself... the time of this post is the time I followed and completed the instructions at https://forum.cloudron.io/topic/3186/how-to-fix-email-certificate-issue-in-5-6/2?_=1603190711357

              I will watch and report back if I continue to see the error after this date/time of "Oct 27 10:54:31" in my logs.

              --
              Dustin Dauncey
              www.d19.ca

              1 Reply Last reply Reply Quote 0
              • d19dotca
                d19dotca last edited by

                @girish & @nebulon - It looks like it didn't fix it (the steps from the other page), as I still see it in the logs at 2020-10-27T18:06:51.000Z which is UTC and translates to 11:06:51 AM Pacific Time, well after I followed the earlier steps which was as of 10:54 AM Pacific.

                --
                Dustin Dauncey
                www.d19.ca

                1 Reply Last reply Reply Quote 0
                • d19dotca
                  d19dotca last edited by

                  Just an update... I still see this happening in the logs. Was about to make a post on it and realized I had this one from October 2020 already. haha.

                  Here's a latest log example:

                  Mar 09 16:43:59 [INFO] [35E59150-4AB6-4294-B369-B38CEECFAD88.1.1] [outbound] secured verified=false cipher=TLS_AES_256_GCM_SHA384 version=TLSv1.3 error=ERR_TLS_CERT_ALTNAME_INVALID cn=mail.<domain.tld> organization="" issuer="Let's Encrypt" expires="May 23 11:00:50 2021 GMT" fingerprint=<fingerprint>

                  Any ideas why this is still occurring? I'm using Wildcard DNS as the DNS type, if that matters at all. And I have the mail server changed from my.<domain.tld> to mail.<domain.tld> if that is relevant here too.

                  --
                  Dustin Dauncey
                  www.d19.ca

                  girish 1 Reply Last reply Reply Quote 0
                  • girish
                    girish Staff @d19dotca last edited by

                    @d19dotca do you get this even after restarting the mail server?

                    d19dotca 1 Reply Last reply Reply Quote 0
                    • d19dotca
                      d19dotca @girish last edited by

                      @girish Yes, I do. This is basically the same error I've seen since October when I reported it last year and the mail server has of course been restarted many times since then for updates and such, so it seems to still be sticking around.

                      --
                      Dustin Dauncey
                      www.d19.ca

                      girish 1 Reply Last reply Reply Quote 0
                      • girish
                        girish Staff @d19dotca last edited by

                        @d19dotca Ah, I see this on our server as well. It seems that this is printed for all incoming mails because Haraka tries to transfer mail to Dovecot via TLS (via LMTP). Disabling SSL removes the message. Since the message transfer is internal, it's fine. I have pushed the fix for next release but the message is safe to ignore.

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post
                        Powered by NodeBB