Kimai2 Email TLS not working

levino · January 20, 2023, 8:00am

I have kimai2 installed via the official app store. When I try to register new users, I get an error during sending the email. In the kimai2 logs I find:

[2023-01-20 07:39:40] request.CRITICAL: Uncaught PHP Exception Symfony\Component\Mailer\Exception\TransportException: "Unable to connect with STARTTLS." at /var/www/kimai2/vendor/symfony/mailer/Transport/Smtp/EsmtpTransport.php line 110 {"exception":"[object] (Symfony\\Component\\Mailer\\Exception\\TransportException(code: 0): Unable to connect with STARTTLS. at /var/www/kimai2/vendor/symfony/mailer/Transport/Smtp/EsmtpTransport.php:110)"} []
[2023-01-20 07:39:40] php.WARNING: Warning: stream_socket_enable_crypto(): Peer certificate CN=`schule-maschsee-xyz.nohost.me' did not match expected CN=`localhost' {"exception":"[object] (ErrorException(code: 0): Warning: stream_socket_enable_crypto(): Peer certificate CN=`schule-maschsee-xyz.nohost.me' did not match expected CN=`localhost' at /var/www/kimai2/vendor/symfony/mailer/Transport/Smtp/Stream/SocketStream.php:154)"} []
[2023-01-20 07:39:40] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2023-01-20 07:39:40] request.INFO: Matched route "fos_user_registration_register". {"route":"fos_user_registration_register","route_parameters":{"_route":"fos_user_registration_register","_controller":"App\\Controller\\Security\\SelfRegistrationController::registerAction","_locale":"en"},"request_uri":"https://schule-maschsee-xyz.nohost.me/en/register/","method":"POST"} []

When I look at /var/www/kimai2/.env I see:

MAILER_URL=smtp://localhost:25?encryption=&auth_mode=

So I guess that symfony tries to connect to a locally running smtp server which provides the certificate for the public hostname schule-maschsee-xyz.nohost.me and this fails. In theory I would say the smtp should not be using tls and also not be available on 0.0.0.0 but only 127.0.0.1 resp. localhost. Did I misconfigure something? How can I switch off tls for the smtp server? Or should I switch it on and use the public hostname? Then I would need authentication. How would I do that?

Thank you for any help! I am also happy to provide further input if necessary. SSL for the web services works fine btw.

levino · January 20, 2023, 8:15am

Okay, I fixed it myself. First I created a user “noreply” for safety reasons (so the password which I will have to store on disk does not allow for any mischief). Then I changed .env file to:

MAILER_FROM=noreply@schule-maschsee-xyz.nohost.me
MAILER_URL=smtp://noreply:'{PASSWORD}'@schule-maschsee-xyz.nohost.me:587?encryption=starttls

Now it works and I guess this is the right way to set it up. It is a shame that kimai2 does not offer to configure the email address and MAILER_URL from the webinterface.

system · February 4, 2023, 8:16am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.