W
Wasp6d ago
lucky72o

Fail to send SMTP email

Recently, I started getting an error while trying to send an email via SMTP. It did work perfectly before. The error: Failed to send email Error: unable to verify the first certificate 2025-05-04T11:12:36Z app[2871e65f094428] mia [info] at TLSSocket.onConnectSecure (node:_tls_wrap:1600:34) 2025-05-04T11:12:36Z app[2871e65f094428] mia [info] at TLSSocket.emit (node:events:517:28) 2025-05-04T11:12:36Z app[2871e65f094428] mia [info] at TLSSocket._finishInit (node:_tls_wrap:1017:8) 2025-05-04T11:12:36Z app[2871e65f094428] mia [info] at ssl.onhandshakedone (node:_tls_wrap:803:12) { 2025-05-04T11:12:36Z app[2871e65f094428] mia [info] code: 'ESOCKET', 2025-05-04T11:12:36Z app[2871e65f094428] mia [info] command: 'CONN' 2025-05-04T11:12:36Z app[2871e65f094428] mia [info]} This works locally via a simple Python script, but fails when deployed (I use fly.io). My SMTP config looks like this: SMTP_HOST=s30.wpx.net SMTP_USERNAME=email SMTP_PASSWORD=password SMTP_PORT=465 Any ideas what can be missing and how I can debug this issue?
8 Replies
kapa.ai
kapa.ai6d ago
Hi @lucky72o. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- The error you're experiencing with SMTP email sending in your deployed Wasp application appears to be related to SSL certificate verification issues. This is a common problem when working with secure connections in production environments. Based on the error message "unable to verify the first certificate," it seems that your application is having trouble validating the SSL certificate from your SMTP server when deployed to Fly.io, even though it works locally. Possible Solutions 1. Update Prisma Version: There was a similar issue in the past with SSL 3.0 support in Prisma that was fixed in version 3.13. If you're using an older version of Wasp, updating to a newer version might help, as mentioned in a GitHub issue about Prisma SSL support. 2. Try Redeploying: Sometimes issues can occur unexpectedly without any changes on your part, as mentioned by other Wasp users in similar situations. Try redeploying your application with: 
   wasp deploy fly deploy
   
   wasp deploy fly deploy
3. Add SSL Configuration: You might need to explicitly configure SSL options for your SMTP connection. In your email sending code, you could try modifying the SMTP configuration to include SSL options: 
   import { emailSender } from "wasp/server/email";
   
   // In your action handler
   const info = await emailSender.send({
     from: {
       name: "Your Name",
     },
     subject: "Your Subject",
     text: "Your text message",
     html: "Your <strong>HTML</strong> message",
   });
   
   import { emailSender } from "wasp/server/email";
   
   // In your action handler
   const info = await emailSender.send({
     from: {
       name: "Your Name",
     },
     subject: "Your Subject",
     text: "Your text message",
     html: "Your <strong>HTML</strong> message",
   });
4. Check Environment Variables: Ensure all your SMTP environment variables are correctly set in your Fly.io deployment. You might need to add additional configuration for secure connections. 5. Try a Different Provider: If the issue persists, you might consider switching to another email provider like Mailgun or SendGrid which are directly supported by Wasp. Debugging Steps 1. Check if your SMTP server requires any special SSL/TLS configuration 2. Verify that your SMTP credentials are correct in the Fly.io environment 3. Try updating your Wasp version if you're using an older one 4. Consider adding a NODE_TLS_REJECT_UNAUTHORIZED=0 environment variable temporarily for testing (NOT for production use as it disables certificate verification) This appears to be an issue with SSL certificate verification in your deployed environment rather than a problem with Wasp itself. The error suggests that your application cannot verify the SSL certificate chain from your SMTP provider when running on Fly.io. Let me know if you need more specific guidance based on these suggestions! ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @lucky72o, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
lucky72o
lucky72oOP6d ago
when I add NODE_TLS_REJECT_UNAUTHORIZED=0 it works, but I don't think I should use it as the solution on prod
Carlos
Carlos5d ago
Hi @lucky72o, I'd say that your provider (wpx.net) is using a SSL provider that is not recognized by Node.js. To see it better, check s30.wpx.net on https://www.checktls.com/TestReceiver. This has nothing to do with Wasp, but with the environment that runs Node.js, so in this case, Fly. They might not have the Sectigo CA installed. I made a quick script you can deploy on Fly that will log the CA certificates that are installed on that environment. If "Sectigo" is present in the list, we can continue checking. If it is not, I'd open an issue with Fly support asking them to install the Sectigo CA, and with WPX asking them to use a different TLS provider.
Gist
Log CA Certificates in Node.js
Log CA Certificates in Node.js. GitHub Gist: instantly share code, notes, and snippets.
Carlos
Carlos5d ago
You can also set the NODE_EXTRA_CA_CERTS env, and give it Sectigo's CA, it will make Node.js accept it.
lucky72o
lucky72oOP5d ago
@Carlos Thank you a lot for looking into this and for providing debugging steps! I will try your script and come back to you later. Fot the second option, could you please give me a little more details? I'm not that familiar with all these certificate configurations. Not sure I understand on what should I set to NODE_EXTRA_CA_CERTS env variable?
Carlos
Carlos5d ago
Checking on the checktls.com page, I can see that s30.wpx.net is using a certificate called Sectigo RSA Domain which is failing. I google it and got this Sectigo page. In it you can download the intermediate certificate and the root that signs it (click on the [Download ] Sectigo RSA Domain Validation Secure Server CA [ CA Bundle+ Cross Signed Certificates]). Once you have this file, you can run Node.js with the NODE_EXTRA_CA_CERTS environment variable, and the value should be the path of the file you just downloaded (e.g. NODE_EXTRA_CA_CERTS=./sectigo-certs.pem).
lucky72o
lucky72oOP5d ago
Great, thanks a lot for the help! One issue a faced while trying to deploy your script. I added the script and it works perfectly locally. But when I deploy it to fly.io via wasp deploy fly deploy I see an error in logs and server doesn't start successfully. Error [ERR_MODULE_NOT_FOUND]: Cannot find package 'node-forge' imported from /app/.wasp/build/server/bundle/server.js Do I need to do anything extra to include newly installed node-forge package to deployment? sorry, ignore me, I think I installed it for dev only
MEE6
MEE65d ago
Wohooo @lucky72o, you just became a Waspeteer level 2!

Did you find this page helpful?