SOLVED - Email error (ssl certificate verify failed)

Hi all,

Since I updated the software and renew the SSL certificate I get the following error when entering the send email page. The site was running fine and it suddenly start giving me an error message for SSL after renewing certificate.

HandshakeException: Handshake error in client (OS Error:
CERTIFICATE_VERIFY_FAILED: Hostname mismatch(…/…/third_party/boringssl/src/ssl/handshake.cc:393))

I tried some tips found in an old thread but I think it be worth re-initiating a thread about it. Nothing worked.

MXToolBox says all the SSL is OK.

Screenshot 2024-04-17 1730452371×1102 125 KB

6689e7d71a3ed9cf8ffd7b1afa6b9563ed5b815d_2_1380x7121380×712 64 KB

Any tips appreciated.

Hi,

From the screenshot it looks like the browser is also declaring the URL to not be secure.

Well,

I did not know when it was taken exactly as I transfered the pic from another post I did.

Now, interestingly, when connecting on the hosted version via browser, I get this: XMLHttpRequest error.

In this new screenshot, you can see that the SSL is a pass in the browser.

Screenshot 2024-04-17 1821302109×1364 182 KB

Sorry, I’m not sure. I assume the problem is with the SSL certificate.

Well, It only does this error or any other error when trying to send an invoice. If I go and do a test email in settings->email it goes fine without error. I also noticed that the PDF within the “send invoice” never loads, only hangs.

May be relating to the PDF generation. If I do view PDF, I get the SSL message not sure why.

Are there any more details in the browser console?

It may help to test with the React web app.

I will check,
React web app? Not sure what you mean!

There’s an option at the top of the web dashboard to change from the Flutter app to the React app.

OK, I finally found the problem, damn its stupid but it gives all kinds of errors on the screen.

I kinda went back to basics and checked the SSL certifcate for compliance. I have noticed that the certificate was for http://billing.x.com. Then I checked the .env file app path and found that the path there was http://www.billing.x.com

Eventhough I had included the www version of the sub-domain in my CSR , the issuer (Sectigo) did not issue the www for the sub-domain.

I have modified the path and removed the www, close all app and tried again and voila! Message gone.

So the lesson is when you install a purchased SSL certificate, ensure that both version are covered in your CSR request, otherwise you’ll get errors. I had included both but somehow they do not allow both.

Thanks to hillel for helping me and direct me!

Regards

Glad to hear it’s solved, thanks for sharing the solution!

Well, i guess I spoke to soon!!

My PDF generation does not work anymore, it hangs with a wheel for ever. I know it is it because removing attach invoice send the email as mormal.

Somehow the PDF generator is broken, not sure why, i only chnaged the APP_URL to not include the www.

Using : hosted_ninja.

SnapPDF is pickd up by imunify.

Worked with:
PDF_GENERATOR=hosted_ninja

Tried:
PDF_GENERATOR=phantom
PDF_GENERATOR=snappdf

The file main.foss.dart.js seems to have something to do with the problem.

Ideas?

UPDATE:
Browser console shows the www still being tried???

GET: https://www.billing.dosplus.com/client/invoice/VLHEvLowETBcdYFU1J7Y2GNfur1X71af/download?t=1713835278541&t=1713835278541
One moment, please...

    Failed to load resource: net::ERR_CERT_COMMON_NAME_INVALID

main.foss.dart.js?v=5.8.47:86472 POST: One moment, please...?
main.foss.dart.js?v=5.8.47:86472 GET: One moment, please...
index.php/api/v1/client_statement?:1

    Failed to load resource: the server responded with a status of 500 (Internal Server Error)

main.foss.dart.js?v=5.8.47:86472 POST: One moment, please...

    [NEW] Explain Console errors by using Copilot in Edge: click 
     to explain an error. 
    Learn more
    Don't show again

main.foss.dart.js?v=5.8.47:86472 GET: https://www.billing.dosplus.com/client/invoice/VLHEvLowETBcdYFU1J7Y2GNfur1X71af/download?t=1713836335872&t=1713836335872
main.foss.dart.js?v=5.8.47:107253

    GET https://www.billing.dosplus.com/client/invoice/VLHEvLowETBcdYFU1J7Y2GNfur1X71af/download?t=1713836335872&t=1713836335872 net::ERR_CERT_COMMON_NAME_INVALID

j3 @ main.foss.dart.js?v=5.8.47:107253
ff0 @ main.foss.dart.js?v=5.8.47:352

    GET https://www.billing.dosplus.com/client/invoice/VLHEvLowETBcdYFU1J7Y2GNfur1X71af/download?t=1713836467232&t=1713836467232 net::ERR_CERT_COMMON_NAME_INVALID

Are you accessing the app with or without the ‘www’ part?

I changed the app_url value to htps://billing.dosplus.com

It was htps://www.billing.dosplus.com before, but the cert does not include it anymore.

You can see the message a customer receives that the url given is with the www and some not. I suspect the PDF is trying to generate with it and it does not works.

Screenshot 2024-04-23 080521818×945 127 KB

Well, I caved in and revisited the whole SSL thing.

Back to basics again. I have re-created my SSL;

a. Server Key: Using both domain extension, and
b. Server CSR Request: Using both domain extension

Then, I bought another certificate with that CSR and both domain are now visible in the domain encryption.

Installed and changed the .env file as per before. It seems to work now!

** I persist to say that when a change occurs into the .env file, not all instance called up are propagating the change. Notably the logo (As per seen above). Which breaks the PDF generation.

Works for now! Thx to hillel for helping

If you change the APP_URL value you’ll need to re-upload the logo to update it.

@david is it possible to change this, mane people get stuck on it.

HI,

I had changed the logo after finding that the logo had disappeared after changing the APP_URL. But is seems the URL stayed the same even after the upload.

Since it break the install I would expect that if you chnage something, that the logo and PDF keep generating properly.

Note: It was also keeping me from updating the app. The return I was getting was: The download is not currently available, try again later.

Since its fixed, the update processed correctly today.