Infiniroot Blog: We sometimes write, too.

Of course we cannot always share details about our work with customers, but nevertheless it is nice to show our technical achievements and share some of our implemented solutions.

E-mails are not sent anymore after upgrade to Invoice Ninja 5.5.x (Unable to connect with STARTTLS on localhost mailserver)

Published on December 20th 2022


Since July 2020 we offer managed Invoice Ninja servers as one of our dedicated server product line. The key here is the word managed. This means we thoroughly test new Invoice Ninja releases before updating the application on customer servers.

Managed Invoice Ninja at Infiniroot

Every now and then we catch a bug or regression (things that worked before but not after the version update). This article is about such a regression, how we found it and how we solved it.

Managed means we make sure it runs

When we are talking about managed servers and managed services, Infiniroot takes care of the technical aspects of the managed application. This involves maintenance and updates, troubleshooting and problem solving in case of problems and support for end users.

The same also applies to our managed dedicated Invoice Ninja servers - with the exception that we also make sure the application, not just the server behind the application, actually runs.

In order to do this, we frequently test new releases of Invoice Ninja on test instances. Our release testing involves several tasks:

As Invoice Ninja is frequently released as a new version, each release might contain new bugs or regressions. Before rolling out a new Invoice Ninja version to our customers, we want to make sure to use a "clean" and validated version.

Invoice Ninja 5.5 is a major change

Once Invoice Ninja 5.5.0 was released, the release notes already made clear that this is a major release. By switching to the new Laravel 9 PHP framework, PHP 8.1 is now required. The previous release 5.4.x was compatible with PHP versions 7.4, 8.0 and 8.1.

This obviously required a PHP version upgrade to PHP 8.1 - a typical task on the server side. But also the application changes (Laravel) needed to be considered. We quickly saw that when we upgraded to Invoice Ninja 5.5.45.

Invoice e-mails are not sent anymore

After having passed all the manual verification steps, the following days showed a problem: Mails are not sent out anymore. Did we just encounter a regression?

On the Invoice Ninja Dashboard, under the Activity tab, the error could be seen as:

System failed to email invoice INVOICENUMBER
Unable to connect with STARTTLS: stream_socket_enable_crypto(): Peer certificate CN=servername did not match expected CN='localhost'

When enhanced logging is enabled, this error can also be seen in the logs under storage/logs:

root@invoice:/var/www/invoiceninja# grep failed storage/logs/invoiceninja.log  |tail -n 5
[2022-12-19 08:01:18] production.INFO: error failed with Unable to connect with STARTTLS: stream_socket_enable_crypto(): Peer certificate CN=`clement' did not match expected CN=`localhost'  
[2022-12-19 08:01:21] production.INFO: error failed with Unable to connect with STARTTLS: stream_socket_enable_crypto(): Peer certificate CN=`clement' did not match expected CN=`localhost'  
[2022-12-19 08:01:24] production.INFO: error failed with Unable to connect with STARTTLS: stream_socket_enable_crypto(): Peer certificate CN=`clement' did not match expected CN=`localhost'  
[2022-12-19 08:01:27] production.INFO: error failed with Unable to connect with STARTTLS: stream_socket_enable_crypto(): Peer certificate CN=`clement' did not match expected CN=`localhost'  
[2022-12-19 08:01:36] production.INFO: error failed with Unable to connect with STARTTLS: stream_socket_enable_crypto(): Peer certificate CN=`clement' did not match expected CN=`localhost'  

In most of our managed Invoice Ninja servers, mailing (SMTP) happens via localhost, as each Invoice Ninja server is equipped with its own mail server. Once the SPF DNS records are accordingly created, this allows for independent e-mailing of invoices. No dependencies on another mail provider or an expired mailbox password to deliver an invoice to your customers.

The local mail server is configured in Invoice Ninja's application environment configuration file (.env):

root@invoice:/var/www/invoiceninja# grep ^MAIL .env
MAIL_MAILER="smtp"
MAIL_HOST="localhost"
MAIL_PORT="25"
MAIL_USERNAME=""
MAIL_PASSWORD=""
MAIL_ENCRYPTION=""

In the previous relase (5.4.x) this has worked fine but now with the updated Laravel framework, this SMTP configuration causes problems. As Laravel discussion #41385 points out, the Symfony mailer is unable to connect with STARTTLS since Laravel 9. Although no MAIL_ENCRYPTION is defined in the .env configuration file, the connection to the SMTP server on localhost is established with STARTTLS - a change compared to the older release. And because the TLS certificate is verified by Laravel, it doesn't match "localhost".

Use FQDN or disable peer verification

To solve this problem, there are two choices (when using a local SMTP server):

For our tests, we proceeded with an additional MAIL_VERIFY_PEER option in the .env config file:

root@invoice:/var/www/invoiceninja# grep ^MAIL .env
MAIL_MAILER="smtp"
MAIL_HOST="localhost"
MAIL_PORT="25"
MAIL_USERNAME=""
MAIL_PASSWORD=""
MAIL_ENCRYPTION=null
MAIL_VERIFY_PEER=false

Note: MAIL_ENCRYPTION set to empty or set to null did not change anything. The local SMTP connection was established using STARTTLS in either case.

Every modification in Invoice Ninja's .env file requires an artisan optimize run:

root@invoice:/var/www/invoiceninja# php8.1 artisan optimize

   INFO  Caching the framework bootstrap files.  

  config ....................................................................... 30ms DONE
  routes ....................................................................... 74ms DONE

Succeeding and completing our upgrade tests

Once the changes in .env added, Invoice Ninja started sending e-mails for new invoices and reminders again, therefore completing our own QA-checks. The logs confirmed that the SMTP errors have disappeared:

root@invoice:/var/www/invoiceninja# tail -f storage/logs/invoiceninja.log
[...]
[2022-12-20 08:18:41] production.INFO: trying to send to recipient@example.com 2022-12-20 08:18:41  
[2022-12-20 08:18:41] production.INFO: Using mailer => smtp  

For someone with technical knowledge, this was definitely not a very difficult fix. For self-hosted users, this information could be helpful nevertheless.

Ready to make the switch?

With this blog article we prove that Infiniroot does take the word "managed" seriously. We want to give our Invoice Ninja customers the best experience; this means a seamless update to a newer version - which has been tested and is validated by us before.

Since July 2020 Infiniroot offers dedicated Invoice Ninja servers in Switzerland. This allows you to run your own billing application using Invoice Ninja in a secure server environment and data in Switzerland, even with a low budget!