Email queue not sending emails after upgrade from Kentico 10 to 12

Marcelo Matus-Nicodemos asked on July 18, 2024 16:46

Hi,

My company upgraded to Kentico 12 from Kentico 10 and since then the email notification system has stopped working. The emails end up in the email queue without being sent.

Without changing any of the default SMTP server settings in settings -> system -> emails, the error message I receive from the queue says, "An error occurred while attempting to establish an SSL or TLS connection. The hostname did not match the name given in the server's SSL certificate. The remote certificate is invalid according to the validation procedure."

The server name entered in the default SMTP settings is a relay server that redirects requests to one of two servers. I manually entered the name of one of the two servers and received a different error message in the email queue, which said, "An error occurred while attempting to establish an SSL or TLS connection. The server's SSL certificate could not be validated for the following reasons: the server certificate has the following errors: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. The remote certificate is invalid according to the validation procedure."

The person in charge of server configurations said that everything was working fine before the upgrade and that the problem should be coming from the CMS. I read an article posted here on devnet.kentico.com about testing SMTP server connectivity with an open-source SMTP server for testing purposes. I downloaded and tested with smtp4dev and got the same message (certificate chain processed message) as when entering a specific server name.

Any ideas about what might be going on? Any help would be greatly appreciated.

Sincerely, Marcelo

Recent Answers


Juraj Ondrus answered on July 19, 2024 06:09

Have you also applied the latest hotfix? The thing is that, due to SMTP server authentication changes required by new SMTP providers, the authentication was changed and Kentico also started using the MailKit package for this, and SSL/TLS is now required. So, one option is to set your SMTP server to use a valid and trusted SSL certificate - MailKit FAQ. Or do not apply one of the latest K12 hotfixes, or move to Kentico 13, where you can implement a custom ISmtpClientFactory.


Marcelo Matus-Nicodemos answered on July 22, 2024 14:17

Thanks for replying, Juraj.

To answer your question, yes, I have the latest Kentico 12 hotfix version (v12.0.103). As for the SSL certificate on the SMTP server, we're using a wildcard certificate. Please let me know if that makes any difference.

 


Juraj Ondrus answered on July 23, 2024 06:11

I would try using a different SMTP server for testing to see where the issue is, on what end. You can try using PaperCut or SMTP4Dev. Here are some other tips too.


Marcelo Matus-Nicodemos answered on July 23, 2024 16:03

I tested with smtp4dev both through the CMS and through a simple smtp client program I wrote for testing purposes. The smtp4dev server receives the emails from the custom app, but I receive the same error messages when I try to relay those messages to the on-premise smtp server. I also receive a different message when I set the smtp4dev test server as the default smtp server on Kentico 12.

"An error occurred while attempting to establish an SSL or TLS connection.

This usually means that the SSL certificate presented by the server is not trusted by the system for one or more of the following reasons:

  1. The server is using a self-signed certificate which cannot be verified.
  2. The local system is missing a Root or Intermediate certificate needed to verify the server's certificate.
  3. A Certificate Authority CRL server for one or more of the certificates for one or more of the certificates in the chain is temporarily unavailable.
  4. The certificate presented by the server is expired or invalid.
  5. The set of SSL/TLS protocols supported by the client and server do not match.
  6. You are trying to connect to a port that does not support SSL/TLS.

See https://github.com/jstedfast/mailkit/blob/master/FAQ.md#SslHandshakeException for possible solutions.

The handshake failed due to an unexpected packet format."

I will continue running some tests but I'll be looking into the server SSL certificates and other options. As always, thanks for your input. Any other suggestions would be helpful as well.

Marcelo


Marcelo Matus-Nicodemos answered on July 23, 2024 21:14

A quick update.

I tried a few examples from the MailKit FAQ link, namely assigning the ServerCertificateValidationCallback function in the global.asax.cs file. I'm not sure if that is the best place to put the additional line of code, so if you know a better place to put it, please let me know.

The additional line of code allowed emails in the queue to be sent, but these emails are not appearing in the sent emails of the email queue. Emails from forms are not being sent though and that form functionality must be restored as soon as possible, so any suggestions on how to approach it would be most welcome.

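Added example, not code from the original posts or from the MailKit FAQ: a validation callback that accepts a failing certificate only when it is the one expected SMTP certificate, instead of returning true for every connection. The class name, the pinned hash placeholder and the wiring through `ServicePointManager.ServerCertificateValidationCallback` in `Application_Start` are assumptions; that callback is process-wide, so it also sees every other outbound TLS connection the site makes.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: tolerate name-mismatch or untrusted-chain errors
// only for one pinned SMTP certificate; everything else is validated normally.
public static class SmtpCertificatePolicy
{
    // Placeholder (assumption): SHA-256 of the SMTP server's certificate, as hex.
    private const string PinnedSha256 = "REPLACE_WITH_SHA256_OF_YOUR_SMTP_CERTIFICATE";

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass the platform's validation are accepted as usual.
        if (errors == SslPolicyErrors.None)
            return true;

        // Nothing to pin against if the server sent no certificate.
        if (certificate == null ||
            (errors & SslPolicyErrors.RemoteCertificateNotAvailable) != 0)
            return false;

        // A pinned certificate that is outside its validity period stays rejected.
        var cert = new X509Certificate2(certificate);
        DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
        if (now < cert.NotBefore || now > cert.NotAfter)
            return false;

        // Compare the SHA-256 of the raw certificate with the pinned value.
        using (var sha = SHA256.Create())
        {
            byte[] hash = sha.ComputeHash(certificate.GetRawCertData());
            string actual = BitConverter.ToString(hash).Replace("-", "");
            return string.Equals(actual, PinnedSha256,
                                 StringComparison.OrdinalIgnoreCase);
        }
    }

    // Assumed wiring: call once from Application_Start in Global.asax.cs.
    public static void Register()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```

The pin has to be updated whenever the SMTP certificate is renewed; a certificate that chains to a trusted root and matches the configured host name needs no callback at all.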

Juraj Ondrus answered on July 24, 2024 08:40

I would recommend restoring backups and applying the last hotfix before the authentication change - which is 12.0.100. Otherwise, you need to make changes on the SMTP Server side and ensure proper SSL/TLS setup.


Marcelo Matus-Nicodemos answered on July 24, 2024 13:40

Thanks for letting me know. And for all the info provided as well.

