Rails 3: OpenSSL::SSL::SSLError: hostname was not match with the server certificate


Ruby on-Rails Problem Overview


When trying to deliver an email via console I receive this error:

OpenSSL::SSL::SSLError: hostname was not match with the server certificate

The thing is, I really don't know much about certificates and such, or really how to get started troubleshooting this. I tried to do some investigation with openssl, and here is the certificate that is returned.

I don't know if it's a problem with Postfix, which is running on the server, or my Rails app. Any help or clues are really appreciated.

~% openssl s_client -connect mail.myhostname.com:25 -starttls smtp
CONNECTED(00000003)
depth=0 /CN=myhostname
verify error:num=18:self signed certificate
verify return:1
depth=0 /CN=myhostname
verify return:1
---
Certificate chain
 0 s:/CN=myhostname
   i:/CN=myhostname
---
Server certificate
-----BEGIN CERTIFICATE-----
[...redacted...]
-----END CERTIFICATE-----
subject=/CN=myhostname
issuer=/CN=myhostname
---
No client certificate CA names sent
---
SSL handshake has read 1203 bytes and written 360 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 1AA4B8BFAAA85DA9ED4755194C50311670E57C35B8C51F9C2749936DA11918E4
    Session-ID-ctx: 
    Master-Key: 9B432F1DE9F3580DCC6208C76F96631DC5A4BC517BDBADD5F514414DCF34AC526C30687B96C5C4742E9583555A118232
    Key-Arg   : None
    Start Time: 1292985376
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
250 DSN
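
The output above shows two separate verification failures: the certificate is self-signed (error 18), and it names only myhostname while the client connects to mail.myhostname.com. The following Ruby sketch is an added example, not part of the original question; it reproduces both checks offline with constructed test certificates, and the helper names `self_signed_cert` and `check` are hypothetical.

```ruby
require "openssl"

# Constructed test certificate (self-signed), standing in for the server's.
def self_signed_cert(cn, san_dns: nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.new([["CN", cn]])
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  if san_dns
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{san_dns}"))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# The two independent checks a verifying TLS client performs.
def check(cert, hostname, trusted: [])
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  chain_ok = store.verify(cert)
  { chain_ok: chain_ok,
    chain_error: store.error, # 18 = self signed certificate, 0 = ok
    name_ok: OpenSSL::SSL.verify_certificate_identity(cert, hostname) }
end

if __FILE__ == $PROGRAM_NAME
  host = "mail.myhostname.com"
  as_served = self_signed_cert("myhostname")
  reissued  = self_signed_cert("myhostname", san_dns: host)
  p check(as_served, host)                       # untrusted, wrong name
  p check(as_served, host, trusted: [as_served]) # pinned, still wrong name
  p check(reissued, host, trusted: [reissued])   # pinned, name matches
end
```

Trusting the self-signed certificate clears error 18 but not the hostname error; that one goes away only when the certificate carries the name the client connects to.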

Ruby on-Rails Solutions


Solution 1 - Ruby on-Rails

An infinitely better solution (in terms of security that is) than the accepted answer would be:

ActionMailer::Base.smtp_settings = {
  :address              => "mail.foo.com",
  :port                 => 587,
  :domain               => "foo.com",
  :user_name            => "[email protected]",
  :password             => "foofoo",
  :authentication       => "plain",
  :enable_starttls_auto => true,
  :openssl_verify_mode  => 'none'
}

This way you'll still be using encryption, but the validation of the certificate would be disabled (and you won't be getting any errors).

Solution 2 - Ruby on-Rails

EDIT: This answer is no longer the best solution, and may no longer work. See this answer which is more secure.

> The name on certificate should match with the url on which you are running your application

Not useful... I get this error with Dreamhost, where I have no option to change the SSL certificate. (Well, I do, but it costs.)

One option is to disable tls. Hopefully you have something like this in your initializers:

ActionMailer::Base.smtp_settings = {
  :address              => "mail.foo.com",
  :port                 => 587,
  :domain               => "foo.com",
  :user_name            => "[email protected]",
  :password             => "foofoo",
  :authentication       => "plain",
  :enable_starttls_auto => true
}

Change the enable_starttls_auto option to false (or add it in if it isn't present).

Warning: this will disable encryption, meaning your username and password will traverse the internet in plain text.

I can't see a better way of doing this, so would be interested in any answers.

Solution 3 - Ruby on-Rails

If you are using the Ruby mail library as I do, here is the setting for POP:

require 'net/pop'

pop = Net::POP3.new(mail_server, mail_port)
# verification is on by default; passing 0 (OpenSSL::SSL::VERIFY_NONE) turns it off
pop.enable_ssl(0)
pop.start(mail_username, mail_pwd)

Solution 4 - Ruby on-Rails

As many people discussing this question have mentioned Dreamhost, there is a better Dreamhost-specific answer to this question.

Your email software, in recent years, has probably started getting more belligerent at you for using incorrect servernames on your certificates. As a response, Dreamhost now recommends using their domain name rather than your own when setting up your email account.

You need to find out which mail cluster your account is assigned to, then your config will be as follows:

ActionMailer::Base.smtp_settings = {
  :address              => "mail.foo.com",
  :port                 => 587,
  :domain               => "subX.mail.dreamhost.com", # instead of "foo.com"
  :user_name            => "[email protected]",
  :password             => "foofoo",
  :authentication       => "plain",
  :enable_starttls_auto => true,
  # :openssl_verify_mode  => 'none' # hopefully, no longer needed
}

where subX is the subdomain your email cluster is on. Currently this can be found on your Dreamhost panel at Panel > Support > Data Centers.

More details can be found on their email client configuration page: https://help.dreamhost.com/hc/en-us/articles/214918038-Email-client-configuration-overview

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

| Content Type | Original Author | Original Content on Stackoverflow |
| --- | --- | --- |
| Question | JP Silvashy | View Question on Stackoverflow |
| Solution 1 - Ruby on-Rails | Bozhidar Batsov | View Answer on Stackoverflow |
| Solution 2 - Ruby on-Rails | user208769 | View Answer on Stackoverflow |
| Solution 3 - Ruby on-Rails | CharlesC | View Answer on Stackoverflow |
| Solution 4 - Ruby on-Rails | user208769 | View Answer on Stackoverflow |