Mail not sending due to Mailgun's use of wildcard SSL certificate.

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • 31.0.6.2
  • Operating system and version (e.g., Ubuntu 24.04):
    • Linux 6.15.4-arch2-1 x86_64
  • Web server and version (e.g, Apache 2.4.25):
    • nginx/1.26.3 (in docker image)
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • nginx/1.26.3 via linuxserver.io 'swag' image
  • PHP version (e.g, 8.3):
    • 8.3.19
  • Is this the first time you’ve seen this error? (Yes / No):
    • yes
  • When did this problem seem to first start?
    • on attempting to configure email with Mailgun
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • linuxserver.io docker image
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • no (not that I'm aware)

Summary of the issue you are facing:

When attempting to send email via Mailgun, the connection fails because Mailgun is using a wildcard SSL certificate while Nextcloud wants to pin to a specific name; with the mismatch the connection is terminated and no email is sent.

Steps to replicate it (hint: details matter!):

  1. Configure email in Administration → Basic Settings
  2. Attempt to test and verify email settings
  3. Dig through logs to understand the opaque AxiosError: Request failed with status code 400 that was returned.

Log entries

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

{"reqId":"Vj5jqQ95nyPwOHTJh5ny","level":0,"time":"2025-07-07T02:36:31+00:00","remoteAddr":"10.0.1.8","user":"paul","app":"core","method":"POST","url":"/settings/admin/mailtest","message":"Sending mail to \"Array\n(\n    [mail@paulhart.ca] => Paul Hart\n)\n\" with subject \"Email setting test\" failed","userAgent":"Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0","version":"31.0.6.2","exception":{"Exception":"Symfony\\Component\\Mailer\\Exception\\TransportException","Message":"Unable to connect with STARTTLS: stream_socket_enable_crypto(): Peer certificate CN=`*.mailgun.org' did not match expected CN=`smtp.mailgun.com'","Code":0,"Trace":[{"function":"Symfony\\Component\\Mailer\\Transport\\Smtp\\Stream\\{closure}","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\Stream\\SocketStream","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/app/www/public/3rdparty/symfony/mailer/Transport/Smtp/Stream/SocketStream.php","line":174,"function":"stream_socket_enable_crypto"},{"file":"/app/www/public/3rdparty/symfony/mailer/Transport/Smtp/EsmtpTransport.php","line":152,"function":"startTLS","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\Stream\\SocketStream","type":"->"},{"file":"/app/www/public/3rdparty/symfony/mailer/Transport/Smtp/EsmtpTransport.php","line":118,"function":"doEhloCommand","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\EsmtpTransport","type":"->"},{"file":"/app/www/public/3rdparty/symfony/mailer/Transport/Smtp/SmtpTransport.php","line":254,"function":"executeCommand","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\EsmtpTransport","type":"->"},{"file":"/app/www/public/3rdparty/symfony/mailer/Transport/Smtp/SmtpTransport.php","line":277,"function":"doHeloCommand","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\SmtpTransport","type":"->"},{"file":"/app/www/public/3rdparty/symfony/mailer/Transport/Smtp/SmtpTransport.php","line":210,"function":"start","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\SmtpTransport","type":"->"},{"file":"/app/www/public/3rdparty/symfony/mailer/Transport/AbstractTransport.php","line":69,"function":"doSend","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\SmtpTransport","type":"->"},{"file":"/app/www/public/3rdparty/symfony/mailer/Transport/Smtp/SmtpTransport.php","line":137,"function":"send","class":"Symfony\\Component\\Mailer\\Transport\\AbstractTransport","type":"->"},{"file":"/app/www/public/3rdparty/symfony/mailer/Mailer.php","line":42,"function":"send","class":"Symfony\\Component\\Mailer\\Transport\\Smtp\\SmtpTransport","type":"->"},{"file":"/app/www/public/lib/private/Mail/Mailer.php","line":206,"function":"send","class":"Symfony\\Component\\Mailer\\Mailer","type":"->"},{"file":"/config/www/nextcloud/apps/settings/lib/Controller/MailSettingsController.php","line":137,"function":"send","class":"OC\\Mail\\Mailer","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/Http/Dispatcher.php","line":200,"function":"sendTestMail","class":"OCA\\Settings\\Controller\\MailSettingsController","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/Http/Dispatcher.php","line":114,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/app/www/public/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/app/www/public/lib/private/Route/Router.php","line":307,"function":"main","class":"OC\\AppFramework\\App","type":"::"},{"file":"/app/www/public/lib/base.php","line":1040,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/app/www/public/index.php","line":24,"function":"handleRequest","class":"OC","type":"::"}],"File":"/app/www/public/3rdparty/symfony/mailer/Transport/Smtp/Stream/SocketStream.php","Line":171,"message":"Sending mail to \"Array\n(\n    [mail@paulhart.ca] => Paul Hart\n)\n\" with subject \"Email setting test\" failed","exception":[],"CustomMessage":"Sending mail to \"Array\n(\n    [mail@paulhart.ca] => Paul Hart\n)\n\" with subject \"Email setting test\" failed"},"id":"686bb3343cdc9"}

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

{
    "system": {
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.paulhart.ca"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "31.0.6.2",
        "overwrite.cli.url": "https:\/\/nextcloud.paulhart.ca",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": true,
        "mail_smtpauthtype": "login",
        "mail_smtptimeout": 30,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "filelocking.enabled": true,
        "memcache.locking": "\\OC\\Memcache\\APCu",
        "upgrade.disable-web": true,
        "loglevel": 2,
        "maintenance": false,
        "mail_smtpport": "587"
    }
}

Apps

The output of occ app:list (if possible).

Enabled:
  - activity: 4.0.0
  - app_api: 5.0.2
  - bruteforcesettings: 4.0.0
  - calendar: 5.3.3
  - circles: 31.0.0
  - cloud_federation_api: 1.14.0
  - comments: 1.21.0
  - contacts: 7.1.3
  - contactsinteraction: 1.12.0
  - dashboard: 7.11.0
  - dav: 1.33.0
  - federatedfilesharing: 1.21.0
  - federation: 1.21.0
  - files: 2.3.1
  - files_downloadlimit: 4.0.0
  - files_pdfviewer: 4.0.0
  - files_reminders: 1.4.0
  - files_sharing: 1.23.1
  - files_trashbin: 1.21.0
  - files_versions: 1.24.0
  - firstrunwizard: 4.0.0
  - logreader: 4.0.0
  - lookup_server_connector: 1.19.0
  - mail: 5.1.4
  - nextcloud_announcements: 3.0.0
  - notes: 4.12.1
  - notifications: 4.0.0
  - oauth2: 1.19.1
  - password_policy: 3.0.0
  - photos: 4.0.0-dev.1
  - privacy: 3.0.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - recommendations: 4.0.0
  - related_resources: 2.0.0
  - richdocuments: 8.7.1
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - sharebymail: 1.21.0
  - spreed: 21.1.0
  - support: 3.0.0
  - survey_client: 3.0.0
  - systemtags: 1.21.1
  - text: 5.0.0
  - theming: 2.6.1
  - twofactor_backupcodes: 1.20.0
  - updatenotification: 1.21.0
  - user_status: 1.11.0
  - viewer: 4.0.0
  - weather_status: 1.11.0
  - webhook_listeners: 1.2.0
  - workflowengine: 2.13.0
Disabled:
  - admin_audit: 1.21.0
  - encryption: 2.19.0
  - files_external: 1.23.0
  - suspicious_login: 9.0.1
  - twofactor_nextcloud_notification: 5.0.0
  - twofactor_totp: 13.0.0-dev.0
  - user_ldap: 1.22.0

.org versus .com

AFAIK the official Mailgun guidance is to use smtp.mailgun.org

1 Like

aaaaaaaah! thank you for the second set of eyes, that was a simple fix.

1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.