Hello,
I’m having trouble setting up AWS SES SMTP server in Octopus, see screenshot below for settings:
when I try to run a test with “Save and Test” the task runs indefinitely.
What I tested so far:
- ran a mail sending script on the Octopus server with the same settings and it worked,
- ran the same script from the Octopus Script Console and it ran successfully.
Going forward with the investigation, I’ve checked the raw logs and found out that I get the error below:
An error occurred while attempting to establish an SSL or TLS connection.
The SSL certificate presented by the server is not trusted by the system for one or more of the following reasons:
- The server is using a self-signed certificate which cannot be verified.
- The local system is missing a Root or Intermediate certificate needed to verify the server’s certificate.
- The certificate presented by the server is expired or invalid.
See MailKit/FAQ.md at master · jstedfast/MailKit · GitHub for possible solutions.
MailKit.Security.SslHandshakeException
at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken)
at MailKit.Net.Smtp.SmtpClient.Connect(String host, Int32 port, SecureSocketOptions options, CancellationToken cancellationToken)
at Octopus.Core.Util.SmtpClient.SmtpClientWrapper.TryConnectToSMTPHost(SmtpConfiguration configuration, SmtpClient client, CancellationToken token) in SmtpClientWrapper.cs:line 101
at Nevermore.Transient.RetryPolicy.<>c__DisplayClass26_0.b__0()
at Nevermore.Transient.RetryPolicy.ExecuteAction[TResult](Func`1 func)
at Nevermore.Transient.RetryPolicy.ExecuteAction(Action action)
at Octopus.Core.Util.SmtpClient.SmtpClientWrapper.CreateSmtpClient(SmtpConfiguration configuration, CancellationToken token) in SmtpClientWrapper.cs:line 60
at Octopus.Core.Util.SmtpClient.SmtpClientWrapper.Send(SmtpConfiguration configuration, MailMessage message, CancellationToken token) in SmtpClientWrapper.cs:line 21
at Octopus.Server.Orchestration.ServerTasks.TestEmail.TestEmailTaskController.Execute() in TestEmailTaskController.cs:line 53
at Octopus.Server.Orchestration.ServerTasks.RunningTask.RunMainThread() in RunningTask.cs:line 129–Inner Exception–
The remote certificate is invalid according to the validation procedure.
System.Security.Authentication.AuthenticationException
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
at MailKit.Net.Smtp.SmtpClient.ConnectAsync(String host, Int32 port, SecureSocketOptions options, Boolean doAsync, CancellationToken cancellationToken)
Having this error I suspect that the CRL, OCSP servers are not reachable via a missing URL whitelist, do you happen to know where to look which CRL/OCSP servers are being used during this process?
Thanks!
Géza
