When gitlab try to send email via external smtp server, sidekiq mail queue crash with error like:
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
Fix for package installed gitlab:
Edit /etc/gitlab/gitlab.rb and add:
For ubuntu system wide ca bundle:
gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
For centos system wide ca bundle:
gitlab_rails['smtp_ca_file'] = "/etc/pki/tls/certs/ca-bundle.crt"
Or omnibus gitlab package:
gitlab_rails['smtp_ca_file'] = "/opt/gitlab/embedded/ssl/cert.pem"
Then run gitlab-ctl reconfigure.
For gitlab installed from source code:
Edit file config/initializers/smtp_settings.rb:
ActionMailer::Base.smtp_settings = {
authentication: :login,
...
# For ubuntu
ca_file: "/etc/ssl/certs/ca-certificates.crt",
# For centos
#ca_file: "/etc/pki/tls/certs/ca-bundle.crt",
}
Finnaly restart gitlab service:
service gitlab restart
Or omnibus gitlab package:
gitlab-ctl restart
For test settings:
Run the gitlab console
sudo gitlab-rails console
And send test email
Notify.test_email('test@domain.ltd', 'Message Subject', 'Message Body').deliver_now
omnibus gitlab package full example for yandex:
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'gitlab@domain.ltd'
gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
gitlab_rails['gitlab_email_reply_to'] = 'admin@domain.ltd'
gitlab_rails['gitlab_email_subject_suffix'] = ''
gitlab_rails['incoming_email_enabled'] = false
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.yandex.ru"
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_user_name'] = "gitlab@domain.ltd"
gitlab_rails['smtp_password'] = "******"
gitlab_rails['smtp_domain'] = "domain.ltd"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-bundle.crt"
Links