Unable to connect with STARTTLS #4511

Closed
opened 2026-02-05 09:02:33 +03:00 by OVERLORD · 4 comments

Originally created by @franciscojasousa on GitHub (Mar 13, 2024).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

Hi Dan,
Our environment is set with LDAP authentication and e-mail as SMTP with IP and port 25 with values username, password and encryption defined as null.
It has been working great for the last year or so.
We began receiving the error below when testing send e-mail or when a new user logs in:

Unable to connect with STARTTLS:
stream_socket_enable_crypto(): SSL operation failed with code 1.
OpenSSL Error messages:
error 0A000086: SSL routines:: certificate verify failed


The certificate will only expire next August.
Just upgraded Ubuntu Server 22.04.4 LTS and Bookstack to latest version with the commands below:

sudo apt -y update && sudo apt -y upgrade
cd /var/www/bookstack
sudo git pull origin release
composer install --no-dev
php artisan migrate
sudo php artisan cache:clear
sudo php artisan config:clear
sudo php artisan view:clear
sudo systemctl restart apache2

Please advise.

Kind regards

Francisco

Exact BookStack Version

v24.02.2

Log Content

No response

Hosting Environment

Ubuntu Server 22.04.4 LTS

OVERLORD added the 🐕 Support label 2026-02-05 09:02:33 +03:00

@ssddanbrown commented on GitHub (Mar 13, 2024):

Hi @franciscojasousa,
This generally indicates the SMTP server is attempting to upgrade the connection via STARTTLS but that's failing as it can't verify the cert.

Any details about the SMTP server? Was that recently updated? Is it a custom hosted setup kind of thing?


@franciscojasousa commented on GitHub (Mar 13, 2024):

Hi Dan,
it's a Windows Server with Microsoft Exchange 2016.
Any ideas on what I can do?
Thank you


@ssddanbrown commented on GitHub (Mar 13, 2024):

@franciscojasousa Ideally you'd get the CA certificate for the certs that Exchange is set up to use, then add that to the trusted certificate store of the BookStack host.
I'm quite clueless though I'm afraid when it comes to Microsoft server software so can't really provide specifics on that side of things.


@franciscojasousa commented on GitHub (Mar 14, 2024):

Hi @ssddanbrown,
just inserted the CAs (root and Interm) but it didn't work so, as a workaround, used the below found in your documentation:

Connection TLS/SSL Certificate Verification

In some cases your SMTP server may be using a private/self-signed TLS/SSL certificate that would usually fail certificate verification. In these cases it's common for that certificate (Or its CA) to be added to the BookStack’s host trusted certificate database. If that’s not possible, you can alternatively disable SSL/TLS certificate verification for mail sending by adding this setting to your .env file:

# Verify SSL/TLS certificates during SMTP sending
# WARNING: Disabling verification using a 'false' value
# can make you vulnerable to MITM attacks
MAIL_VERIFY_SSL=false

Thank you for your time and this wonderful platform.

Francisco
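
An added diagnostic sketch, not part of the thread and not BookStack code, for the fix suggested earlier (trusting the mail server's CA on the BookStack host instead of disabling verification). It checks offline, on constructed throwaway certificates, whether a server certificate chains to a given CA file, and normalises a DER export to the PEM form that update-ca-certificates imports. The function names, file names and mail.example.test are assumptions.

```shell
#!/usr/bin/env bash
# Added example; every key and certificate below is constructed test data.

# Normalise a certificate to PEM. Ubuntu's update-ca-certificates only
# imports PEM files named *.crt under /usr/local/share/ca-certificates/,
# while certificates exported from Windows are often DER-encoded .cer.
to_pem() {  # to_pem <in> <out>
  openssl x509 -in "$1" -inform PEM -out "$2" 2>/dev/null ||
    openssl x509 -in "$1" -inform DER -out "$2" 2>/dev/null
}

# Succeed only if <leaf> chains to a CA in <ca_file>; a failure here is the
# same class of error as "certificate verify failed" in the thread.
chain_verifies() {  # chain_verifies <ca_file> <leaf>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Create a throwaway CA (key + self-signed certificate) named <name> in <dir>.
make_ca() {  # make_ca <dir> <name>
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\nCN=unused\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/req.cnf"
  openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Constructed $2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Issue a server certificate for the placeholder name mail.example.test.
make_leaf() {  # make_leaf <dir> <ca_name>
  openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=mail.example.test" -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 2 -out "$1/leaf.pem" 2>/dev/null
}

demo() {
  d=$(mktemp -d)
  make_ca "$d" issuing; make_ca "$d" unrelated; make_leaf "$d" issuing
  # Simulate a DER export of the issuing CA, then convert it back to PEM.
  openssl x509 -in "$d/issuing.pem" -outform DER -out "$d/issuing.cer"
  to_pem "$d/issuing.cer" "$d/issuing.crt"
  chain_verifies "$d/issuing.crt" "$d/leaf.pem" && echo "issuing CA: verify OK"
  chain_verifies "$d/unrelated.pem" "$d/leaf.pem" || echo "unrelated CA: verify failed"
  rm -rf "$d"
}
demo
```

On a real host the converted .crt file would be copied into /usr/local/share/ca-certificates/ and followed by `sudo update-ca-certificates`, after which MAIL_VERIFY_SSL can stay at its default.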

Reference: starred/BookStack#4511