Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


node.js - Why Nodemailer does not securely connect to my server running on a shared host

I need to secure the connection between my node app and my mail server (running on a shared hosting). I use Nodemailer configured like this:

{
  transport: {
    // This is where I am not sure
    key: [ readFileSync(__dirname + '/../../../../cert.pem') ],
    host: 'mail.my.domain',
    auth: {
      user: USER,
      pass: PWD
    }
  }
}

When I try to send an email I end up with this error:

Hostname/IP does not match certificate's altnames: Host: mail.my.domain. is not in the cert's altnames: DNS:xxx.planethoster.net, DNS:xxx.xxx.planethoster.net

I read everywhere that I should use rejectUnauthorized: true to bypass this issue and it works. But it is not an option to leave this connection insecure.

The cert.pem loaded was the private ~/ssl/keys/XXXX.key of my mail server renamed with the .pem extension. I am not very comfortable with certificate/keys stuff but I know that the running SSL certificate on my server is a valid one.

So, I have doubts about the files I renamed and gave to Nodemailer.

question from:https://stackoverflow.com/questions/65843572/why-nodemailer-does-not-securely-connect-to-my-server-running-on-a-shared-host


1 Reply


Planethoster support helped me to understand what was going wrong. I want to leave this here as I think I won't be the only one to use shared hosting for mailing.

In fact, my mail server is on a shared hosting at Planethoster. Thus, the certificate is only for the hosting machine name. Here it is world-346.fr.planethoster.net.

So I resolved the problem by setting my configuration like this:

{
  transport: {
    // Removed the unnecessary cert loading
    // key: [ readFileSync(__dirname + '/../../../../cert.pem') ],
    host: 'world-346.fr.planethoster.net', // The host is now the shared machine
    auth: {
      user: USER,
      pass: PWD
    }
  }
}

The host machine is now OK with the given hostname as it is included in its certificate.
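The hostname check behind the error above can be reproduced offline with Node's own `tls.checkServerIdentity`. This is an added example, not code from the original post or from Nodemailer; the certificate object is constructed from the names quoted in the thread, and `hostnameMismatch` and `verifiedTransport` are hypothetical helper names.

```javascript
// Added example: reproduce the hostname check Node's TLS layer performs
// before Nodemailer is allowed to talk to the mail server.
const tls = require('tls');

// Constructed certificate fields (not captured from the real server): a
// shared-hosting certificate that names only the hosting machine.
const sharedHostCert = {
  subject: { CN: 'world-346.fr.planethoster.net' },
  subjectaltname: 'DNS:world-346.fr.planethoster.net',
};

// Returns null when `hostname` is covered by the certificate, otherwise the
// message Node reports when the handshake is rejected.
function hostnameMismatch(hostname, cert) {
  const err = tls.checkServerIdentity(hostname, cert);
  return err ? err.message : null;
}

// Builds the inner transport options only for a host the certificate covers,
// so verification stays on (rejectUnauthorized: true is also the default).
// No client key is needed: the server's certificate is checked against the
// system trust store, and the client never holds the server's private key.
function verifiedTransport(hostname, cert, auth) {
  const problem = hostnameMismatch(hostname, cert);
  if (problem) {
    throw new Error(problem);
  }
  return { host: hostname, auth, tls: { rejectUnauthorized: true } };
}

// The customer domain fails, the hosting machine name passes.
for (const name of ['mail.my.domain', 'world-346.fr.planethoster.net']) {
  console.log(name, '->', hostnameMismatch(name, sharedHostCert) || 'OK');
}
```
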

