haraka smtp server : Error: unable to get issuer certificate
haraka smtp server : Error: unable to get issuer certificate
尝试仅用作外发时出现 haraka 电子邮件服务器错误:
[tls] 安全:密码=ECDHE-RSA-AES128-GCM-SHA256 版本=TLSv1/SSLv3 验证=假错误="Error: unable to get issuer certificate"
...此发送电子邮件尝试的整个服务器日志
[NOTICE] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] connect ip=111.222.333.444 port=55152 local_ip=:: local_port=587
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect_init hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect_init_respond
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running lookup_rdns hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect hooks
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 220 mydomain.com ESMTP Haraka 2.8.8 ready
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] C: EHLO mydomain.com state=1
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running ehlo hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hook in tls plugin
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=capabilities plugin=tls function=tls_capabilities params="" retval=CONT msg=""
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hook in auth/flat_file plugin
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [auth/flat_file] Auth disabled for insecure public connection
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=capabilities plugin=auth/flat_file function=hook_capabilities params="" retval=CONT msg=""
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-mydomain.com Hello mydomain.com [111.222.333.444], Haraka is at your service.
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-PIPELINING
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-8BITMIME
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-SIZE 0
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250 STARTTLS
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] C: STARTTLS state=1
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running unrecognized_command hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running unrecognized_command hook in tls plugin
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 220 Go ahead.
[DEBUG] [-] [core] Upgrading to TLS
[DEBUG] [-] [core] TLS secured.
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [tls] secured: cipher=ECDHE-RSA-AES128-GCM-SHA256 version=TLSv1/SSLv3 verified=false error="Error: unable to get issuer certificate"
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=unrecognized_command plugin=tls function=tls_unrecognized_command params="STARTTLS" retval=OK msg=""
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] client [111.222.333.444] dropped connection
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running disconnect hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running disconnect hook in tls plugin
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=disconnect plugin=tls function=hook_disconnect params="" retval=CONT msg=""
[NOTICE] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] disconnect ip=111.222.333.444 rdns="mydomain.com" helo="" relay=N early=N esmtp=Y tls=Y pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=0.06
这里是发送外发电子邮件的完整 nodejs 客户端代码
// https://github.com/nodemailer/nodemailer
var nodemailer = require('nodemailer');
var transporter = nodemailer.createTransport('smtp://myloginid:mypassword@mydomain.com:587');
var mailOptions = {
host: 'mydomain.com',
port: 587,
from: 'myloginid@mydomain.com', // sender address
to: 'mygmailname@gmail.com', // list of receivers
subject: 'Hello',
text: 'Hello world',
debug: true,
auth: {
user: 'myloginid',
pass: 'mypassword'
}
};
// send mail with defined transport object
transporter.sendMail(mailOptions, function(error, info){
if(error){
return console.log(error);
}
console.log('Message sent: ' + info.response);
});
节点--版本
v6.6.0
我正在使用
教程生成的 TLS 证书
https://letsecure.me/secure-web-deployment-with-lets-encrypt-and-nginx/
这是四个证书文件
cert.pem chain.pem 全chain.pem privkey.pem
我为 haraka 使用了其中两个 TLS 证书文件
cp /etc/letsencrypt/live/${FRESH_DOMAIN}/privkey.pem ${HARAKA_HOME}/config/tls_key.pem
cp /etc/letsencrypt/live/${FRESH_DOMAIN}/cert.pem ${HARAKA_HOME}/config/tls_cert.pem
这里是错误
客户端 nodemailer
Error: unable to verify the first certificate at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }
haraka 日志错误:
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [tls] secured: cipher=ECDHE-RSA-AES128-GCM-SHA256 version=TLSv1/SSLv3 verified=false error="Error: unable to get issuer certificate"
有什么建议吗?
PS。奇怪的是,即使上面的 nodejs 电子邮件客户端失败,如果我使用 swaks 发送电子邮件,它目前确实可以正常工作
swaks -f myloginid@mydomain.com -t mygmailname@gmail.com -s localhost -p 587 -au myloginid -ap mypassword
我在上面使用的 letsencrypt TLS 证书文件的选择适用于其他电子邮件服务器,如 postfix ...但 haraka 想要文件 fullchain.pem
之前用错了:cert.pem
正确的 TLS 证书:fullchain.pem
此文件更改修复了 TLS 错误,因此 Haraka 现在可以使用上述 nodejs 客户端代码发送外发电子邮件
尝试仅用作外发时出现 haraka 电子邮件服务器错误:
[tls] 安全:密码=ECDHE-RSA-AES128-GCM-SHA256 版本=TLSv1/SSLv3 验证=假错误="Error: unable to get issuer certificate"
...此发送电子邮件尝试的整个服务器日志
[NOTICE] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] connect ip=111.222.333.444 port=55152 local_ip=:: local_port=587
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect_init hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect_init_respond
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running lookup_rdns hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running connect hooks
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 220 mydomain.com ESMTP Haraka 2.8.8 ready
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] C: EHLO mydomain.com state=1
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running ehlo hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hook in tls plugin
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=capabilities plugin=tls function=tls_capabilities params="" retval=CONT msg=""
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running capabilities hook in auth/flat_file plugin
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [auth/flat_file] Auth disabled for insecure public connection
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=capabilities plugin=auth/flat_file function=hook_capabilities params="" retval=CONT msg=""
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-mydomain.com Hello mydomain.com [111.222.333.444], Haraka is at your service.
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-PIPELINING
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-8BITMIME
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250-SIZE 0
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 250 STARTTLS
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] C: STARTTLS state=1
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running unrecognized_command hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running unrecognized_command hook in tls plugin
[PROTOCOL] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] S: 220 Go ahead.
[DEBUG] [-] [core] Upgrading to TLS
[DEBUG] [-] [core] TLS secured.
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [tls] secured: cipher=ECDHE-RSA-AES128-GCM-SHA256 version=TLSv1/SSLv3 verified=false error="Error: unable to get issuer certificate"
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=unrecognized_command plugin=tls function=tls_unrecognized_command params="STARTTLS" retval=OK msg=""
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] client [111.222.333.444] dropped connection
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running disconnect hooks
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] running disconnect hook in tls plugin
[DEBUG] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] hook=disconnect plugin=tls function=hook_disconnect params="" retval=CONT msg=""
[NOTICE] [06F7A5F3-E976-404E-8629-CAB3771964E9] [core] disconnect ip=111.222.333.444 rdns="mydomain.com" helo="" relay=N early=N esmtp=Y tls=Y pipe=N errors=0 txns=0 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="" time=0.06
这里是发送外发电子邮件的完整 nodejs 客户端代码
// https://github.com/nodemailer/nodemailer
var nodemailer = require('nodemailer');
var transporter = nodemailer.createTransport('smtp://myloginid:mypassword@mydomain.com:587');
var mailOptions = {
host: 'mydomain.com',
port: 587,
from: 'myloginid@mydomain.com', // sender address
to: 'mygmailname@gmail.com', // list of receivers
subject: 'Hello',
text: 'Hello world',
debug: true,
auth: {
user: 'myloginid',
pass: 'mypassword'
}
};
// send mail with defined transport object
transporter.sendMail(mailOptions, function(error, info){
if(error){
return console.log(error);
}
console.log('Message sent: ' + info.response);
});
节点--版本 v6.6.0
我正在使用
教程生成的 TLS 证书https://letsecure.me/secure-web-deployment-with-lets-encrypt-and-nginx/
这是四个证书文件
cert.pem chain.pem 全chain.pem privkey.pem
我为 haraka 使用了其中两个 TLS 证书文件
cp /etc/letsencrypt/live/${FRESH_DOMAIN}/privkey.pem ${HARAKA_HOME}/config/tls_key.pem
cp /etc/letsencrypt/live/${FRESH_DOMAIN}/cert.pem ${HARAKA_HOME}/config/tls_cert.pem
这里是错误
客户端 nodemailer
Error: unable to verify the first certificate at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }
haraka 日志错误:
[INFO] [06F7A5F3-E976-404E-8629-CAB3771964E9] [tls] secured: cipher=ECDHE-RSA-AES128-GCM-SHA256 version=TLSv1/SSLv3 verified=false error="Error: unable to get issuer certificate"
有什么建议吗?
PS。奇怪的是,即使上面的 nodejs 电子邮件客户端失败,如果我使用 swaks 发送电子邮件,它目前确实可以正常工作
swaks -f myloginid@mydomain.com -t mygmailname@gmail.com -s localhost -p 587 -au myloginid -ap mypassword
我在上面使用的 letsencrypt TLS 证书文件的选择适用于其他电子邮件服务器,如 postfix ...但 haraka 想要文件 fullchain.pem
之前用错了:cert.pem
正确的 TLS 证书:fullchain.pem
此文件更改修复了 TLS 错误,因此 Haraka 现在可以使用上述 nodejs 客户端代码发送外发电子邮件