Setting email notifications: "A problem occurred while sending the email. Please revise your settings. (Error: Unable to connect with TLS encryption)"

Nextcloud version: 22.2.3
Operating system and version: Debian Bullseye - Rpi 4
Apache or nginx version: nginx
PHP version: 7.4.25

The issue you are facing:

Setting email notifications: “A problem occurred while sending the email. Please revise your settings. (Error: Unable to connect with TLS encryption)”

Is this the first time you’ve seen this error?: Yes

Steps to replicate it:

  1. set email credentials
  2. hit send
  3. get error

The output of your Nextcloud log in Admin > Logging:

[PHP] Error: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /var/www/nextcloud/3rdparty/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php#94

at 2022-01-24T03:40:02+00:00

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' => 
  array (
    0 => 'mynextcloud.com',
    1 => '192.168.57.195',
  ),
  'trusted_proxies' => 
  array (
    0 => '192.168.57.225',
  ),
  'overwriteprotocol' => 'https',
  'datadirectory' => '/var/www/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '22.2.3.0',
  'overwrite.cli.url' => 'http://192.168.57.196',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => '',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 2,
  'default_phone_region' => 'US',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_from_address' => 'minnix',
  'mail_domain' => 'minnix.dev',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'mail.minnix.dev',
  'mail_smtpport' => '587',
  'mail_smtpname' => 'minnix@minnix.dev',
  'mail_smtppassword' => 'password',
  'mail_smtpsecure' => 'tls',
);

The output of your Apache/nginx/system log in /var/log/____:

2022/01/23 21:38:57 [error] 506#506: *14640 access forbidden by rule, client: 192.168.57.225, server: localhost, request: "GET /data/.ocdata?t=1642995537091 HTTP/1.1", host: "mynextcloud.com"

I have my nginx proxy on a separate machine where SSL is terminated. My nextcloud host nginx conf for nextcloud.conf:

upstream php-handler {
    server unix:/var/run/php/php7.4-fpm.sock;
}

server {
    listen 80;
    listen [::]:80;
    server_name localhost;

    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Robots-Tag "none" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    fastcgi_hide_header X-Powered-By;

    root /var/www/nextcloud;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    




    client_max_body_size 10000M;
    fastcgi_buffers 64 4K;

    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    location / {
        rewrite ^ /index.php;
    }

    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_read_timeout 1800;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;

        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
    }
}

My reverse proxy conf:

server {
    server_name mynextcloud.com;
    set $upstream 192.168.57.195:80;

    location / {
    proxy_pass_header Authorization;
    proxy_pass http://$upstream;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_buffering off;
    client_max_body_size 10000M;
    proxy_read_timeout 36000s;
    proxy_redirect off;
    }

    location = /.well-known/carddav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/webfinger {
      return 301 $scheme://$host:$server_port/index.php/.well-known/webfinger;
    }
    location = /.well-known/nodeinfo {
      return 301 $scheme://$host:$server_port/index.php/.well-known/nodeinfo;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mynextcloud.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mynextcloud.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = mynextcloud.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name mynextcloud.com;
    listen 80;
    return 404; # managed by Certbot


}

Not sure if those help any.

Currently using iRedMail as my selfhosted mail server, letsencrypt cert. Get the error in the title when trying to send myself a test mail from NC to set up notifications. Any ideas? Thanks.

Have been stuck with the same problem myself and struggling with it for days. Updating to the latest SuSE Leap and the latest NextCloud didn’t help. As it turned out, it is a problem with my mail provider, but it is solved now.

Summary: Even though it is possible to connect to my hosted web-site/mailserver from e.g. Thunderbird, using smtp.my-domain.eu and
sudo -u wwwrun mail -s nxaccount@my-domain.eu -t recipient@some_domain.tld < /dev/null
works fine, NextCloud wasn’t sending mails to domains other than my-domain.eu.
Error message was “Unable to connect with TLS encryption (code: 0)”

As it turned out the problem was that my hosted mail server was returning a different server address, www123.my-hoster.de. Looks like NextCloud or something in the underlying Linux installation doesn’t like this.

Changing the Server Address on the email setup page, https://nextcloud.my-domain.eu/index.php/settings/admin, from smtp.my-domain.eu to www123.my-hoster.de solved the issue.

I did have a bunch of other problems, new server certificate which needed to be installed etc, but these were nothing to do with NextCloud.

The issue can be located in the NextCloud log file /var/lib/nextcloud/data//nextcloud.log if you see something like this:
Peer certificate CN=`*.my-hoster.de' did not match expected CN=`smtp.my-domain.eu'

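An added example, not part of either post above: a Python check of which host names a mail server's certificate actually covers, so the SMTP host configured in Nextcloud can be set to a name the certificate is valid for while verification stays enabled. `SAMPLE_CERT` is constructed from the names in the reply (its subjectAltName entries are an assumption), the matcher is a simplified RFC 6125 comparison, and `probe()` is a hypothetical helper for a live STARTTLS server on port 587.

```python
import smtplib
import ssl

def cert_names(cert):
    """DNS names a client checks: subjectAltName first, CN only as a fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Simplified RFC 6125 match: '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_covered(cert, host):
    """True if any name in the certificate is valid for the configured host."""
    return any(name_matches(n, host) for n in cert_names(cert))

def probe(host, port=587, timeout=10):
    """STARTTLS with default verification; returns (ok, peer cert or OpenSSL reason)."""
    ctx = ssl.create_default_context()   # system CA store, hostname check enabled
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
            return True, smtp.sock.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # verify_message separates a name mismatch from an untrusted or incomplete chain
        return False, f"{exc.verify_code}: {exc.verify_message}"

# Constructed sample in the shape ssl.getpeercert() returns (not captured from a server).
SAMPLE_CERT = {
    "subject": ((("commonName", "*.my-hoster.de"),),),
    "subjectAltName": (("DNS", "*.my-hoster.de"), ("DNS", "my-hoster.de")),
}

if __name__ == "__main__":
    for name in ("smtp.my-domain.eu", "www123.my-hoster.de"):
        print(name, "covered" if host_covered(SAMPLE_CERT, name) else "NOT covered")
```

Running `probe()` as the web server user against the configured `mail_smtphost` shows whether the failure is a name mismatch, as in the reply, or a chain that the host's CA store does not trust.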