[solved (not really, but avoided)] Sendmail certification problem

Hello openHAB-community,

i’m new here an so first i want to thank you all for supporting that great project!

Now to my problem bei sending me an mail via mail-acion add-on :frowning:
The smtp-server uses an self-signed SSL certificate for STARTTLS…

My setup is an openHABian with openHAB 2 on an raspberry pi 3…
I added the certificate to jssecacerts (and also cacerts)!

Loading KeyStore jssecacerts...
Opening connection to <mydomain.tld>:443...
Starting SSL handshake...

No errors, certificate is already trusted

Server sent 1 certificate(s):

 1 Subject EMAILADDRESS=...
   Issuer  EMAILADDRESS=...
   sha1    ...
   md5     ...


Looks ok in my eyes…
But the sendmail-action still puts out an error:

[ERROR] [rg.openhab.action.mail.internal.Mail] - Could not send e-mail to 'admin@<mydomain.tld>'.
org.apache.commons.mail.EmailException: Sending the email to the following server failed : <mydomain.tld>:25
        at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1421)
        at org.apache.commons.mail.Email.send(Email.java:1448)
        at org.openhab.action.mail.internal.Mail.sendMail(Mail.java:157)
        at org.openhab.action.mail.internal.Mail.sendMail(Mail.java:89)
        at org.openhab.action.mail.internal.Mail.sendMail(Mail.java:67)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.8.0_121]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)[:1.8.0_121]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.8.0_121]
        at java.lang.reflect.Method.invoke(Method.java:498)[:1.8.0_121]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeOperation(XbaseInterpreter.java:1085)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeOperation(XbaseInterpreter.java:1060)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._invokeFeature(XbaseInterpreter.java:1046)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeFeature(XbaseInterpreter.java:991)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.smarthome.model.script.interpreter.ScriptInterpreter.invokeFeature(ScriptInterpreter.java:114)[129:org.eclipse.smarthome.model.script:0.9.0.b4]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:901)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:864)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.doEvaluate(XbaseInterpreter.java:223)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.internalEvaluate(XbaseInterpreter.java:203)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:446)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.doEvaluate(XbaseInterpreter.java:227)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.internalEvaluate(XbaseInterpreter.java:203)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.evaluate(XbaseInterpreter.java:189)[145:org.eclipse.xtext.xbase:2.9.2.v20160428-1452]
        at org.eclipse.smarthome.model.script.runtime.internal.engine.ScriptImpl.execute(ScriptImpl.java:77)[130:org.eclipse.smarthome.model.script.runtime:0.9.0.b4]
        at org.eclipse.smarthome.model.script.engine.ScriptExecutionThread.run(ScriptExecutionThread.java:42)[129:org.eclipse.smarthome.model.script:0.9.0.b4]
Caused by: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1880)
        at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:648)
        at javax.mail.Service.connect(Service.java:317)
        at javax.mail.Service.connect(Service.java:176)
        at javax.mail.Service.connect(Service.java:125)
        at javax.mail.Transport.send0(Transport.java:194)
        at javax.mail.Transport.send(Transport.java:124)
        at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1411)
        ... 23 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)[:1.8.0_121]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)[:1.8.0_121]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)[:1.8.0_121]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)[:1.8.0_121]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)[:1.8.0_121]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)[:1.8.0_121]
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)[:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)[:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)[:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)[:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)[:1.8.0_121]
        at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:507)
        at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:447)
        at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1875)
        ... 30 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)[:1.8.0_121]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)[:1.8.0_121]
        at sun.security.validator.Validator.validate(Validator.java:260)[:1.8.0_121]
...

It looks like the certificate is noch installed, but it is!

Can anyone help me please before i’m going crazy?

Thanks a lot
the picknicker

The problem may be the sendmail add-on cannot handle self signed certs. I really don’t know. I’ve not used it before but have done enough with certs to know that rejected certs because they are self signed and having no certs at all generate very similar errors.

Ok, thanks for that informations!
I wasted some time on trying but gave up after two days or so.

By now i use the telegram add-on an it work’s very well for me.
I would say better than mail :relaxed:

http://docs.openhab.org/addons/actions/telegram/readme.html

Something like this advice would resolve the self-signed certs issue.

1 Like