XF 2.1 Unable to send emails using SSL or TLS against Exchange Server with multi domain certificate

NealC

Well-known member
Running Exchange Server 2019 on a dedicated server and as we host multiple domains we have a multi-domain SSL certificate. I'm running PHP 7.3.12 on Windows Server 2019 running my XF 2.1 forums. I'm unable to send SMTP email outbound using either SSL or TLS. Emails use authentication and I am able to send unencrypted but not with SSL or TLS selected.

Any help would be appreciated.
 
What error do you get? If you're using SSL, it'd generally be curl that does the certificate validation, and I'm not sure it's something that can be controlled via the running script.
 
One test with SSL the other TLS:

  • ErrorException: Email to [removed] failed: [E_WARNING] stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
  • src\vendor\swiftmailer\swiftmailer\lib\classes\Swift\Transport\StreamBuffer.php:103

  • Swift_TransportException: Email to [removed] failed: Connection could not be established with host mail.domain.com [ #0] Log data: ++ Starting Swift_SmtpTransport !! Connection could not be established with host mail.domain.com [ #0] (code: 0)
  • src\vendor\swiftmailer\swiftmailer\lib\classes\Swift\Plugins\LoggerPlugin.php:140
 
Are you running SMTP over SSL/TLS (usually port 465) or StartTLS on port 25/587?
Which CA did you get the cert from?

The error message seems to indicate that your webserver cannot verify the certificate, probably because it is missing intermediate certificates.
 
Are you running SMTP over SSL/TLS (usually port 465) or StartTLS on port 25/587?
Which CA did you get the cert from?

I am running SMTP on 25 and 465 (and 587). GoDaddy where I've always done my business. No other site I run has an issue, it seems to be PHP only.

The error message seems to indicate that your webserver cannot verify the certificate, probably because it is missing intermediate certificates.

It seems to me it's a PHP openssl issue? I don't know...
 
It's entirely possible other software isn't verifying the certificate chain - PHP didn't by default until 7.3. You need to make sure the full certificate chain is being returned.

You can debug it at https://ssl-tools.net/mailservers (I can't vouch for the trustworthiness of that site).

I also wouldn't go within a country of GoDaddy.
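
To see which certificates the mail server actually returns, as advised above, here is a PHP diagnostic added as an illustration. It is not part of the thread and is not XenForo or SwiftMailer code. It captures the chain presented on an SMTP connection and lists name-level reasons that would lead to "certificate verify failed". The host mail.example.org, the function names fetchSmtpChain and chainFindings, and the sample data are assumptions made up for this example.

```php
<?php
// Added example: capture the chain an SMTP server sends and list likely reasons PHP rejects it.
function fetchSmtpChain(string $host, int $port, bool $implicitTls): array
{
    // Verification is off here only so that a broken chain can still be captured and inspected.
    $ctx = stream_context_create(['ssl' => ['capture_peer_cert_chain' => true,
        'verify_peer' => false, 'verify_peer_name' => false, 'peer_name' => $host]]);
    $fp = stream_socket_client(($implicitTls ? 'ssl' : 'tcp') . "://$host:$port",
        $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $ctx);
    if ($fp === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }
    if (!$implicitTls) { // STARTTLS (ports 25/587): upgrade after the plain-text greeting
        $reply = function () use ($fp) { // consume one, possibly multi-line, SMTP reply
            do { $line = fgets($fp); } while ($line !== false && substr($line, 3, 1) === '-');
        };
        $reply(); fwrite($fp, "EHLO chaincheck.invalid\r\n"); $reply();
        fwrite($fp, "STARTTLS\r\n"); $reply();
        stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
    }
    $chain = stream_context_get_params($fp)['options']['ssl']['peer_certificate_chain'] ?? [];
    fclose($fp);
    return array_map('openssl_x509_parse', $chain); // leaf first
}

// Name-level checks only; signatures and trust anchors are still OpenSSL's job.
function chainFindings(array $certs, string $host): array
{
    $out = [];
    if (count($certs) < 2) {
        $out[] = 'fewer than two certificates were sent: intermediates are missing';
    }
    for ($i = 0; $i + 1 < count($certs); $i++) {
        if ($certs[$i]['issuer'] != $certs[$i + 1]['subject']) {
            $out[] = "certificate $i was not issued by certificate " . ($i + 1);
        }
    }
    $names = preg_split('/,\s*/', strtolower($certs[0]['extensions']['subjectAltName'] ?? ''));
    $host = strtolower($host);
    $wild = 'dns:*.' . substr((string) strstr($host, '.'), 1);
    if (!in_array("dns:$host", $names, true) && !in_array($wild, $names, true)) {
        $out[] = "$host is not among the certificate's subjectAltName entries";
    }
    return $out;
}

// Constructed sample: a leaf served without its intermediate, shaped like openssl_x509_parse() output.
$sample = [['subject' => ['CN' => 'mail.example.org'], 'issuer' => ['CN' => 'Example Intermediate CA'],
    'extensions' => ['subjectAltName' => 'DNS:mail.example.org, DNS:mail.example.net']]];
print_r(chainFindings($sample, 'mail.example.org'));
// Live check (hypothetical host): chainFindings(fetchSmtpChain('mail.example.org', 587, false), 'mail.example.org')
```

An empty result from chainFindings means the chain looks complete by name and the host is covered, in which case the next thing to check is the CA bundle PHP itself uses (openssl.cafile in php.ini).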
 
In my case I did away with the multi-domain cert, I ended up not needing it, and I redid all of my accounts that I use for XF sites. I'm set up with the config in XF using TLS on port 110.
 