Postal
Renewed Cert on HTTP endpoint showing Invalid SSL Certificate #3522
-
|
As above - I have renewed the cert on the HTTP endpoint - this is a wildcard cert for many of our domains all of which have been updated and working as expected. However Postal is reporting "Invalid SSL Certificate" when sending mail to the endpoint. I have rolled the cert back to the previous version, however this expires on Friday 30th This is the latest release of Postal running on Debian 11 I've tried postal stop and start to no avail. Additional information/contextworker_1 | 2026-01-27 12:14:18 +0000 INFO message is incoming component=worker thread=work0 original_queued_message=2843 queued_message=2843 |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Judging by this Stack Overflow post, it sounds like Rubys version of the OpenSSL client can be a bit weird sometimes. It looks like this error is actually Postals own here Lines 71 to 77 in b7e5232 You could try removing the rescue to see what the actual exception message is which might help you see what the issue is. You could also try the openssl command from the Debian 11 server to see if it has any issues. You might want to go scorched earth and turn off the validation by setting this to OpenSSL::SSL::VERIFY_NONE but that wouldn't be ideal. Line 54 in b7e5232 |
Beta Was this translation helpful? Give feedback.
-
|
Thanks Will, That does seem to be the issue - wildcard cert and browsers all showing the correct cert. I've have run: echo | openssl s_client -showcerts -servername gnupg.org -connect [DOMAIN]:443 2>/dev/null | openssl x509 -inform pem -noout -textAnd the expected cert appears - so it all seems in order, just not through postal - so it could Ruby's OpenSSL being odd as you said. I switched the endpoint to http and that works fine so that will be my ultimate fallback, hopefully get sometime to dig around with your suggestion before then! |
Beta Was this translation helpful? Give feedback.
-
|
@willpower232 just an FYI - I've updated to 3.3.5 on our non-live environment and switched the endpoint to https - this is now working as expected! Thanks! |
Beta Was this translation helpful? Give feedback.
@willpower232 just an FYI - I've updated to 3.3.5 on our non-live environment and switched the endpoint to https - this is now working as expected!
Thanks!