ERROR: error reading: received fatal alert: UnknownCA

poised-goat · March 5, 2024, 1:51am

Having an issue, not quite certain what it is..

[x.x.x.x:3852->y.y.y.y:25] 265ms === ERROR: error reading: received fatal alert: UnknownCA
[38.74.128.59:3852->108.181.135.169:25] 265ms === Closed```

inclusive-eagle · March 5, 2024, 1:51am

Hey there @poised-goat, thanks for posting. Please read the “Troubleshooting” and “How to Ask for Help” buttons below. If you would like a 1:1 support session from the KumoMTA team, details are at the “Book a Support Session” button below.

poised-goat · March 5, 2024, 1:55am

I bet my self-signed certificate is done wrong

poised-goat · March 5, 2024, 1:56am

SWAKs on a remote system was able to work though, but maybe SWAKs didn’t care and this system does?

poised-goat · March 5, 2024, 2:04am

hmm. I redid the Creating a Self-Signed Certificate from the tutorials section, and am still getting that error…

poised-goat · March 5, 2024, 2:05am

so what I’m wondering, is if the SENDING system has some kind of funky TLS certain, and that’s Kumo complaining about receiving it

poised-goat · March 5, 2024, 2:06am

currently trying to get trace-smtp-server to be even more verbose. it looks like that error is in a Rust Library, but that you can get it to give you more info sometimes

tom · March 5, 2024, 2:59am

Check permissions on that cert. most of the time we see SSL issues, it is permissions on the file

tom · March 5, 2024, 3:01am

I think I wrote up a bit on that in the tutorial.

poised-goat · March 5, 2024, 3:16am

I don’t see that in this section: https://docs.kumomta.com/tutorial/system_preparation/?h=certi#creating-a-self-signed-certificate

but I’ll check if I can find somewhere else talking about SSL permissions

poised-goat · March 5, 2024, 3:16am

it would be nice if that was the issue

tom · March 5, 2024, 3:23am

Hmmm. Yeah I see that. Gimme a minute to see

poised-goat · March 5, 2024, 3:23am

it appears to be an INBOUND issue coming from the platform (think mautic/ongage/etc. this is private unreleased one yet. though I just got them to agree to integrate Kumo )

poised-goat · March 5, 2024, 3:24am

at least I think that’s the issue based on trace-smtp-server

poised-goat · March 5, 2024, 3:24am

I just did a swaks thest with --tls and it worked fine

poised-goat · March 5, 2024, 3:24am

so my guess is that the platform’s server is failing it’s Certificate check with Kumo…which is a bit weird and what I’d like to get to be more verbose so I can figure out where/why and let them know what to fix

poised-goat · March 5, 2024, 3:25am

it’s late for you though, so please feel free to ignore me if nothing’s sticking out immediately

tom · March 5, 2024, 3:25am

Hmm. You know I saw that with another injector that was not handling STARTTLS properly ( strangely a common issue)

tom · March 5, 2024, 3:26am

I was able to show that with kcli

poised-goat · March 5, 2024, 3:27am

^^I’m wondering if there’s a way to get that even MORE verbose. what I pasted on the first message was all I got from kcli trace-smtp-server