Nodemailer: Nodemailer v1.3.2 and io.js sendmail error : self signed certificate

Created on 20 Mar 2015 · 11Comments · Source: nodemailer/nodemailer

I've upgrade nodemailer from v.0.7 to v.1.3.2
I also used nodemailer-smtp-transport

but when call sendmail function, there will be an error return as followed
'{ [Error: self signed certificate] code: 'DEPTH_ZERO_SELF_SIGNED_CERT' }'

This is my createTransport config

var transporter = nodemailer.createTransport(smtpTransport({
        host: "outmail.abc.co.th", // hostname
        secure: false, // use SSL
        port: 25, // port for secure SMTP
        auth: {
            user: "[email protected]",
            pass: "passwordmail"
        }
    }));

 var mailOptions = {
        from: '[email protected]', // sender address
        to: '[email protected]', // list of receivers
        cc: '[email protected]', // Comma separated list or an array
        subject: 'test upgrde nodemailer subject', // Subject line
        html: '<b>Hello world </b>' // html body
    };

transporter.sendMail(mailOptions, function(error, info){
        if(error){
            console.log("/sendmail error");
            console.log(error);
            res.sendStatus(500);
            return;
        }else{
            console.log("Message sent: " + info.response);
            // if you don't want to use this transport object anymore, uncomment following line
            socketTimeout: 30 * 1000 // 0.5 min: Time of inactivity until the connection is closed
            transporter.close(); // shut down the connection pool, no more messages
            res.sendStatus(200);
        }

        // if you don't want to use this transport object anymore, uncomment following line
        transporter.close(); // shut down the connection pool, no more messages
    });

Source

sarahpy

Most helpful comment

NODE_TLS_REJECT_UNAUTHORIZED applies to the entire application, so it is not a good solution. If you know that the host does not have a valid certificate you can allow it in the transport settings with tls.rejectUnauthorized option:

var transporter = nodemailer.createTransport(smtpTransport({
    host: "outmail.abc.co.th", // hostname
    secure: false, // use SSL
    port: 25, // port for secure SMTP
    auth: {
        user: "[email protected]",
        pass: "passwordmail"
    },
    tls: {
        rejectUnauthorized: false
    }
}));

andris9 on 20 Mar 2015

👍151 ❤21 🎉16 😄9 🚀5 👎3 😕1

All 11 comments

Oh, i found the solution
If you requests to a server that uses self-signed certificates in Node.js probably you already have seen the error DEPTH_ZERO_SELF_SIGNED_CERT. To overcome it, place the code below in node.js file

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

sarahpy on 20 Mar 2015

👎15 👍5 ❤3 😕3

var transporter = nodemailer.createTransport(smtpTransport({
    host: "outmail.abc.co.th", // hostname
    secure: false, // use SSL
    port: 25, // port for secure SMTP
    auth: {
        user: "[email protected]",
        pass: "passwordmail"
    },
    tls: {
        rejectUnauthorized: false
    }
}));

andris9 on 20 Mar 2015

👍151 ❤21 🎉16 😄9 🚀5 👎3 😕1

Is there a way to accept the self-signed certificate, to allow signing?

Otherwise the current solution does not sign sent emails relayed through and in gmail show an undesirable open red lock to recipients. Email details show "encryption: example.com did not encrypt this message".

This might be achieved by providing the certificate string into tls options.

I am using Postfix as a relay on a private network. Nodemailer running on different machine than the Postfix server.

uiteoi on 29 Oct 2016

@uiteoi Red lock image in Gmail means that your Postfix does not use STARTTLS to encrypt messages when connecting to Gmail. Nodemailer can't affect this in any way.

If you want to use STARTTLS when connecting to Postfix from Nodemailer, then you can use the tls: { rejectUnauthorized: false } configuration option like shown above.

andris9 on 30 Oct 2016

You are absolutely right @andris9. Thank you.

For some reason this Postfix server was missing:
smtp_tls_security_level = may

Now everything works, thanks for this great library.

uiteoi on 30 Oct 2016

Thank you @andris9

SenthilMahe on 31 Mar 2017

In my case my Avast antivirus has caused this probem. When i had switched off antivirus shields error has gone. Some people say that AWG cause it too.

martinesdevelop on 25 Jan 2019

👍9 ❤1

I'm getting this error even though my website does have a valid SSL certificate... Has any one had the same issue?

evenmed on 30 Jun 2019

i am using node-red and nodemailer with this self-signed error in my home-install.
anybody out there to point me to the path/file to set this option?

tls: {
    rejectUnauthorized: false
}

many, many thx

ozett on 22 Oct 2019

Or with the url parameter:
smtp://localhost:1025?tls.rejectUnauthorized=false

As you can see here:

https://github.com/nodemailer/nodemailer/blob/4b6942206277abaedddcf35561539812587fe141/lib/shared/index.js#L193-L206

patlux on 11 Mar 2020

In my case my Avast antivirus has caused this probem. When i had switched off antivirus shields error has gone. Some people say that AWG cause it too.

This was actually my problem as well, it's insane how much I've read to finally discover the solution. Thank you!