Level 10
Have you considered using MailGun or Mandrill? Those don't require SMTP setup and are very easy integrated to Laravel. At least MailGun can be used for free as long as it isn't too many mails.
1 like
Jun 15, 2016
4
Level 1
How to get SMTP mail driver working on Forge+LetsEncrypt?
Hi,
I've been trying to get the SMTP mail driver for Laravel to work on a Forge server that uses LetsEncrypt. Problem is, that I get this error message when trying to send an e-mail via artisan tinker:
"PHP warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /home/forge/intranet.trainingenopmaat.nl/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php on line 95"
Anyone have a suggestion on how to get the SMTP mail driver working on a Forge server that uses Let's encrypt?
Testing steps
Code I use in artisan's tinker functionality to test testing:
Mail::raw('This is a test', function ($message)
{
$message->to('{snip primary mail address}');
$message->cc('{snip secundary mail address}');
$message->subject('This is a test');
});
My basic settings: MAIL_DRIVER=SMTP, MAIL_ENCRYPTION=TLS
What I've tried so far
Editing PHP Ini values for certs
According to Google, this has to do with SSL certificate configuration not being correct. See http://stackoverflow.com/questions/34515120/php-verify-failed-with-letsencrypt
Following the above URL I've tried adding the URL the Forge control panel provided (which points to ".../server.crt") to the "curl.cainfo" and "openssl.cafile" keys in the PHP-FPM and PHP-CLI ini files to test if that works, but it doesn't.
For one, if I do that and run php artisan tinker and try the mail function, I get:
PHP warning: failed loading cafile stream: `{snip}/server.crt' in /home/forge/{snip}/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php on line 95 (according to the PHP source code this has to do with not being able to open the file, so I reckoned it was maybe a permissions issue)
Secondly, if I run sudo php artisan tinker, I get the same old verify certificate error again:
PHP warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /home/forge/{snip}/vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php on line 95
Also, my entire application fails when I set this, because it'll die with the following error:
[2016-06-15 14:37:04] production.ERROR: exception 'GuzzleHttp\Exception\RequestException' with message 'cURL error 77: error setting certificate verify locations:
CAfile: /etc/nginx/ssl/{snip}server.crt
CApath: /etc/ssl/certs (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)' in /home/forge/{snip}/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:187
(I do not know what this means - googling determines not having the ca-certificates Ubuntu package installed could be cause of this bug, but I have it installed. I haven't done any further checking yet)
Level 1
Jep, I have; but the organization I'm working with is picky when it comes to privacy and hence doesn't want to use external solutions for emails. They want to use an in-house SMTP server (it's not on the same server tho) instead.
Thanks for the suggestion though :)
Level 11
Continuing from your conversation in slack:
I'm assuming you're connecting to a remote SMTP server. Let me know if not (if you've installed a mail service on your forge server).
Setting up SSL in Forge (via LetsEncrypt, or anything) is unrelated to using SSL connections to connect to an SMTP service. The SMTP service has to have their SSL certs setup correctly (the SMTP server) not your Forge server (the SMTP client).
Your PHP code is connecting to a SMTP service over SSL. That means that the server your PHP code on will need the ability to connect to a server over SSL. This usually just means having openssl installed ( you do, on forge). This does not mean you need a working SSL certificate on your server.
The option to enable SSL via LetsEncrypt just lets other clients connect to your server over SSL (Forge only sets that up in the web server). However, you're making an outbound connection from your server. You're not making an external connection into your forge server.
That being said, you haven't really said what you're SMTP setup is, so I'm not really sure what you're end goal is or how you're connecting to an SMTP service. I'm just guessing based on what most people need to do (send an email from PHP code using whatever email provider they happen to have)
Overall, I still agree with the assessment to use a third party such as Mailgun.
1 like
Level 1
Thanks, that made the issue a lot more clear! Always kind of sweet when something you think is a bug with your software isn't a bug after all.
Please or to participate in this conversation.