You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have Vaultwarden deployed in a k3s cluster that is configured via the SMTP_* env variables to send emails through our on-premise Exchange server. However, this morning, a collegue noticed that, after I updated the instance this morning, that he could no longer receive emails for his MFA - and I found the related log message soon after.
Clients used: Web Vault (Extension and Desktop Client work)
Reverse proxy and version: Traefik as dictated by k3s
MySQL/MariaDB or PostgreSQL version: image: docker.io/library/postgres:15-alpine
Other relevant details: None I could really think of, sorry.
Steps to reproduce
According to my collegue, all he did was attempt to log in via the Web Vault to obtain login credentials. Upon entering his creds, he received an error page with the error above (minus the log wrap itself). The extension works fine, so I assume it just falls back to offline storage.
Expected behaviour
An email to be sent
Actual behaviour
It appears that Vaultwarden does not like Exchange's shenanigans related to certificates. Although we use starttls and the appropriate port (587), the above error is thrown.
I tried to look for a way to, at least temporarily, disable TLS verification to see if that solved the issue, but found none. Exchange isn't the most obvious about it's certs, according to another collegue with admin previleges (which I do not have), so I have to assume that Microsoft is doing Microsoft things...fun.
Troubleshooting data
See above.
The text was updated successfully, but these errors were encountered:
Repository owner
locked and limited conversation to collaborators
Apr 8, 2024
Subject of the issue
We have Vaultwarden deployed in a k3s cluster that is configured via the
SMTP_*
env variables to send emails through our on-premise Exchange server. However, this morning, a collegue noticed that, after I updated the instance this morning, that he could no longer receive emails for his MFA - and I found the related log message soon after.Deployment environment
image: ghcr.io/dani-garcia/vaultwarden:1.30.5-alpine
Install method: Kubernetes via k3s, deployment
Clients used: Web Vault (Extension and Desktop Client work)
Reverse proxy and version: Traefik as dictated by k3s
MySQL/MariaDB or PostgreSQL version:
image: docker.io/library/postgres:15-alpine
Other relevant details: None I could really think of, sorry.
Steps to reproduce
According to my collegue, all he did was attempt to log in via the Web Vault to obtain login credentials. Upon entering his creds, he received an error page with the error above (minus the log wrap itself). The extension works fine, so I assume it just falls back to offline storage.
Expected behaviour
An email to be sent
Actual behaviour
It appears that Vaultwarden does not like Exchange's shenanigans related to certificates. Although we use
starttls
and the appropriate port (587), the above error is thrown.I tried to look for a way to, at least temporarily, disable TLS verification to see if that solved the issue, but found none. Exchange isn't the most obvious about it's certs, according to another collegue with admin previleges (which I do not have), so I have to assume that Microsoft is doing Microsoft things...fun.
Troubleshooting data
See above.
The text was updated successfully, but these errors were encountered: