I'm using Cyberpanel with the mail server solution called Rainloop to host my websites but I can't seem to connect my mail to OneDev.
I'm getting the following output:
Please wait...
java.lang.RuntimeException: org.apache.commons.mail.EmailException: Sending the email to the following server failed : mail.projectsincluded.com:587
at io.onedev.server.notification.DefaultMailManager.sendMail(DefaultMailManager.java:259)
at io.onedev.server.web.page.admin.mailsetting.MailSettingPage$2.runTask(MailSettingPage.java:151)
at io.onedev.server.web.component.taskbutton.TaskButton$2.call(TaskButton.java:173)
at io.onedev.server.web.component.taskbutton.TaskButton$2.call(TaskButton.java:144)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at io.onedev.server.security.SecurityUtils$1.run(SecurityUtils.java:338)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.commons.mail.EmailException: Sending the email to the following server failed : mail.projectsincluded.com:587
at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1469)
at org.apache.commons.mail.Email.send(Email.java:1496)
at io.onedev.server.notification.DefaultMailManager.sendMail(DefaultMailManager.java:257)
... 8 more
Caused by: javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2064)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:724)
at javax.mail.Service.connect(Service.java:388)
at javax.mail.Service.connect(Service.java:246)
at javax.mail.Service.connect(Service.java:195)
at javax.mail.Transport.send0(Transport.java:254)
at javax.mail.Transport.send(Transport.java:124)
at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1459)
... 10 more
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1392)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1300)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:435)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:598)
at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:525)
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2059)
... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
at sun.security.validator.Validator.validate(Validator.java:271)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
... 30 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
... 36 more
There is a valid SSL certificate on the mail server and rDNS is enabled.
Robin Shen commented 2 years ago
Looks like that the certificate is not recognized by the JVM running OneDev. Are your mail server using a self-signed certificate?
Ruben Flinterman commented 2 years ago
No, I'm using a certificate generated by Cloudflare.
Robin Shen commented 2 years ago
How are you running OneDev? Via docker or via JVM?
Ruben Flinterman commented 2 years ago
I'm currently running it with JVM though I'm thinking about docker.
Robin Shen commented 2 years ago
Please make sure to run OneDev with latest Java 17 LTS version to see if it recognizes your CA.
Ruben Flinterman commented 2 years ago
I'm currently running
openjdk version "1.8.0_312"
OpenJDK Runtime Environment (build 1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)
OpenJDK 64-Bit Server VM (build 25.312-b07, mixed mode)
According to java -version (I'm not sure how to update the Java version)
I was able to get it to work on port 25 without StartTLS enabled, though the secure ports are still giving the same error (In the case I use a secured port I enable StartTLS).
Robin Shen commented 2 years ago
JDK 1.8 is pretty old, and it may not include latest CA root certificates. Try JDK 17 if you want to enable TLS.
Robin Shenchanged state to 'Closed'2 years ago
Previous Value
Current Value
Open
Closed
Robin Shen commented 2 years ago
How are you running OneDev? Via docker or via JVM?
Robin Shen commented 2 years ago
Please make sure to run OneDev with latest Java 17 LTS version to see if it recognizes your CA.
I'm using Cyberpanel with the mail server solution called Rainloop to host my websites but I can't seem to connect my mail to OneDev.
I'm getting the following output:
There is a valid SSL certificate on the mail server and rDNS is enabled.