SMTP error: Connection error: Connection error: invalid peer certificate: Other(OtherError(UnsupportedCertVersion)) #380

New Issue

MrUnknownDE · 2026-04-05T21:05:18+02:00

MrUnknownDE commented

2026-04-05 21:05:18 +02:00

Originally created by @EnergeticMrMask on 8/27/2025

Prerequisites

I have searched the existing Closed AND Open Issues AND Discussions
I have searched and read the documentation

Vaultwarden Support String

Your environment (Generated via diagnostics page)

Vaultwarden version: v1.34.3
Web-vault version: v2025.7.0
OS/Arch: linux/x86_64
Running within a container: true (Base: Debian)
Database type: PostgreSQL
Database version: PostgreSQL 17.6 (Debian 17.6-1.pgdg12+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14+deb12u1) 12.2.0, 64-bit
Uses config.json: true
Uses a reverse proxy: true
IP Header check: true (X-Real-IP)
Internet access: true
Internet access via a proxy: false
DNS Check: true
TZ environment: PRC
Browser/Server Time Check: true
Server/NTP Time Check: true
Domain Configuration Check: false
HTTPS Check: false
Websocket Check: true
HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: ADMIN_TOKEN

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "****://**************************************",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "********://**************************************************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "****://***************************",
  "domain_origin": "****://***************************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": "***************************",
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": true,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Login",
  "smtp_debug": false,
  "smtp_embed_images": false,
  "smtp_explicit_tls": null,
  "smtp_from": "***************************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "**************************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "***************************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

v1.34.3

Deployment method

Official Container Image

Custom deployment method

I deployed Vaultwarden via TrueNAS Scale's application feature. More deployment details can be found in the screenshot below.

Reverse Proxy

nginx proxy manager v2.12.6

Host/Server Operating System

NAS/SAN

Operating System Version

TrueNAS Scale 25.04.2.1

Clients

Web Vault

Client Version

No response

Steps To Reproduce

Deploy poste.io via docker on ubuntu server as a self-hosted mail server.
Configure the SMTP Email Settings in the /admin page using STARTTLS on port 587. For specific settings, please refer to the screenshot below.
Send a test email after saving the settings.

Expected Result

The test email has been sent successfully.

Actual Result

An error pop-up appears with the following message:
SMTP error: Connection error: Connection error: invalid peer certificate: Other(OtherError(UnsupportedCertVersion)).

The test email was not sent.

Logs

2025-08-26 02:41:07.319420+00:00[2025-08-26 10:41:07.319][request][INFO] GET /admin
2025-08-26 02:41:07.319420+00:00[2025-08-26 10:41:07.319][request][INFO] GET /admin
2025-08-26 02:41:07.319420+00:00[2025-08-26 10:41:07.319][request][INFO] GET /admin
2025-08-26 02:41:07.330845+00:00[2025-08-26 10:41:07.330][response][INFO] (admin_page) GET /admin/ => 200 OK
2025-08-26 02:41:07.330845+00:00[2025-08-26 10:41:07.330][response][INFO] (admin_page) GET /admin/ => 200 OK
2025-08-26 02:41:07.330845+00:00[2025-08-26 10:41:07.330][response][INFO] (admin_page) GET /admin/ => 200 OK
2025-08-26 02:41:17.746920+00:00[2025-08-26 10:41:17.746][request][INFO] POST /admin/test/smtp
2025-08-26 02:41:17.746920+00:00[2025-08-26 10:41:17.746][request][INFO] POST /admin/test/smtp
2025-08-26 02:41:17.746920+00:00[2025-08-26 10:41:17.746][request][INFO] POST /admin/test/smtp
2025-08-26 02:41:17.825262+00:00[2025-08-26 10:41:17.824][vaultwarden::mail][ERROR] SMTP error: Connection error: Connection error: invalid peer certificate: Other(OtherError(UnsupportedCertVersion))
2025-08-26 02:41:17.825262+00:00[2025-08-26 10:41:17.824][vaultwarden::mail][ERROR] SMTP error: Connection error: Connection error: invalid peer certificate: Other(OtherError(UnsupportedCertVersion))
2025-08-26 02:41:17.825372+00:00[2025-08-26 10:41:17.825][response][INFO] (test_smtp) POST /admin/test/smtp application/json => 400 Bad Request
2025-08-26 02:41:17.825262+00:00[2025-08-26 10:41:17.824][vaultwarden::mail][ERROR] SMTP error: Connection error: Connection error: invalid peer certificate: Other(OtherError(UnsupportedCertVersion))
2025-08-26 02:41:17.825372+00:00[2025-08-26 10:41:17.825][response][INFO] (test_smtp) POST /admin/test/smtp application/json => 400 Bad Request
2025-08-26 02:41:17.825372+00:00[2025-08-26 10:41:17.825][response][INFO] (test_smtp) POST /admin/test/smtp application/json => 400 Bad Request

Screenshots or Videos

Additional Context

This issue has only emerged recently. Back in July of this year, Vaultwarden was able to send emails successfully under the same configuration. However, a few weeks ago (possibly after an update? I apologize for not being able to provide an exact timeline as I don’t use the email function daily), I stopped receiving password hint emails. I noticed this issue when checking the admin page.

I’ve tried modifying various settings—such as toggling Secure SMTP to off or force_ssl, changing SMTP Auth mechanism, and more—but none of these adjustments restored SMTP communication between Vaultwarden and poste.io. Even after completely removing and redeploying both Vaultwarden and poste.io, the problem persisted.

When configured to use other mail servers like Gmail or QQ Mail, Vaultwarden works perfectly and sends emails without issue. The problem seems isolated to its interaction with poste.io.

That said, I don’t believe the issue lies with poste.io itself, as several my other services (such as Uptime Kuma, Firefly III, ssmtp, and Send-MailKit-Message) are using the exact same poste.io configuration to send emails without any problems.

I haven’t yet tried deploying Vaultwarden via Docker, though I should note that six months ago, when I ran Vaultwarden in a Docker container, it worked flawlessly with the same poste.io settings. I migrated to TrueNAS Scale in May. If necessary, I can allocate time to test with a Docker deployment again.

I’m uncertain whether this is a bug or if a recent update has invalidated certain configurations. I’ve searched online but haven’t found any reports of the same error message. If the issue is due to a misconfiguration on my end or if there are known solutions, please let me know.

If it turns out the root cause isn’t related to Vaultwarden—for instance, if it’s an issue with poste.io or TrueNAS Scale—I will forward this issue (along with relevant details) to the appropriate developers.

I believe I’ve exhausted all feasible troubleshooting steps, and this problem has been frustrating me for weeks.

I’m happy to provide more detailed logs or information if needed. Please don’t hesitate to reach out.

*Originally created by @EnergeticMrMask on 8/27/2025* ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.34.3 * Web-vault version: v2025.7.0 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: PostgreSQL * Database version: PostgreSQL 17.6 (Debian 17.6-1.pgdg12+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14+deb12u1) 12.2.0, 64-bit * Uses config.json: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * TZ environment: PRC * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: false * HTTPS Check: false * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Environment settings which are overridden:** ADMIN_TOKEN **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "****://**************************************", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "********://**************************************************************************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "****://***************************", "domain_origin": "****://***************************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": "***************************", "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": true, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": "Login", "smtp_debug": false, "smtp_embed_images": false, "smtp_explicit_tls": null, "smtp_from": "***************************", "smtp_from_name": "Vaultwarden", "smtp_host": "**************************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "***************************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version v1.34.3 ### Deployment method Official Container Image ### Custom deployment method I deployed Vaultwarden via [TrueNAS Scale](https://www.truenas.com)'s application feature. More deployment details can be found in the screenshot below. ### Reverse Proxy nginx proxy manager v2.12.6 ### Host/Server Operating System NAS/SAN ### Operating System Version TrueNAS Scale 25.04.2.1 ### Clients Web Vault ### Client Version _No response_ ### Steps To Reproduce 1. Deploy [poste.io](https://poste.io) via docker on ubuntu server as a self-hosted mail server. 2. Configure the SMTP Email Settings in the `/admin` page using `STARTTLS` on port `587`. For specific settings, please refer to the screenshot below. 3. Send a test email after saving the settings. ### Expected Result The test email has been sent successfully. ### Actual Result An error pop-up appears with the following message: `SMTP error: Connection error: Connection error: invalid peer certificate: Other(OtherError(UnsupportedCertVersion)).` The test email was not sent. ### Logs ```text 2025-08-26 02:41:07.319420+00:00[2025-08-26 10:41:07.319][request][INFO] GET /admin 2025-08-26 02:41:07.319420+00:00[2025-08-26 10:41:07.319][request][INFO] GET /admin 2025-08-26 02:41:07.319420+00:00[2025-08-26 10:41:07.319][request][INFO] GET /admin 2025-08-26 02:41:07.330845+00:00[2025-08-26 10:41:07.330][response][INFO] (admin_page) GET /admin/ => 200 OK 2025-08-26 02:41:07.330845+00:00[2025-08-26 10:41:07.330][response][INFO] (admin_page) GET /admin/ => 200 OK 2025-08-26 02:41:07.330845+00:00[2025-08-26 10:41:07.330][response][INFO] (admin_page) GET /admin/ => 200 OK 2025-08-26 02:41:17.746920+00:00[2025-08-26 10:41:17.746][request][INFO] POST /admin/test/smtp 2025-08-26 02:41:17.746920+00:00[2025-08-26 10:41:17.746][request][INFO] POST /admin/test/smtp 2025-08-26 02:41:17.746920+00:00[2025-08-26 10:41:17.746][request][INFO] POST /admin/test/smtp 2025-08-26 02:41:17.825262+00:00[2025-08-26 10:41:17.824][vaultwarden::mail][ERROR] SMTP error: Connection error: Connection error: invalid peer certificate: Other(OtherError(UnsupportedCertVersion)) 2025-08-26 02:41:17.825262+00:00[2025-08-26 10:41:17.824][vaultwarden::mail][ERROR] SMTP error: Connection error: Connection error: invalid peer certificate: Other(OtherError(UnsupportedCertVersion)) 2025-08-26 02:41:17.825372+00:00[2025-08-26 10:41:17.825][response][INFO] (test_smtp) POST /admin/test/smtp application/json => 400 Bad Request 2025-08-26 02:41:17.825262+00:00[2025-08-26 10:41:17.824][vaultwarden::mail][ERROR] SMTP error: Connection error: Connection error: invalid peer certificate: Other(OtherError(UnsupportedCertVersion)) 2025-08-26 02:41:17.825372+00:00[2025-08-26 10:41:17.825][response][INFO] (test_smtp) POST /admin/test/smtp application/json => 400 Bad Request 2025-08-26 02:41:17.825372+00:00[2025-08-26 10:41:17.825][response][INFO] (test_smtp) POST /admin/test/smtp application/json => 400 Bad Request ``` ### Screenshots or Videos <img width="787" height="745" alt="Image" src="https://github.com/user-attachments/assets/e3405f41-b695-4ffc-855d-28146ed9825c" /> <img width="871" height="753" alt="Image" src="https://github.com/user-attachments/assets/e1cf2542-cdff-46b6-8f3c-1274f1d23250" /> <img width="786" height="703" alt="Image" src="https://github.com/user-attachments/assets/8649a6af-0ebf-4933-af58-14ab000baeb0" /> <img width="365" height="368" alt="Image" src="https://github.com/user-attachments/assets/0b9d92c1-f38e-428c-a3a9-71df6595cce9" /> <img width="1722" height="2345" alt="Image" src="https://github.com/user-attachments/assets/a13406fa-1b51-4f1c-a776-14d90d00e160" /> <img width="380" height="88" alt="Image" src="https://github.com/user-attachments/assets/0f258ffa-c897-4cc9-b302-d5a4583b78dd" /> ### Additional Context This issue has only emerged recently. Back in July of this year, Vaultwarden was able to send emails successfully under the same configuration. However, a few weeks ago (possibly after an update? I apologize for not being able to provide an exact timeline as I don’t use the email function daily), I stopped receiving password hint emails. I noticed this issue when checking the `admin` page. I’ve tried modifying various settings—such as toggling `Secure SMTP` to `off` or `force_ssl`, changing `SMTP Auth mechanism`, and more—but none of these adjustments restored SMTP communication between Vaultwarden and [poste.io](https://poste.io). Even after completely removing and redeploying both Vaultwarden and [poste.io](https://poste.io), the problem persisted. When configured to use other mail servers like [Gmail](https://workspace.google.com/gmail/) or [QQ Mail](https://mail.qq.com), Vaultwarden works perfectly and sends emails without issue. The problem seems isolated to its interaction with [poste.io](https://poste.io). That said, I don’t believe the issue lies with [poste.io](https://poste.io) itself, as several my other services (such as [Uptime Kuma](https://uptime.kuma.pet/), [Firefly III](https://www.firefly-iii.org/), [ssmtp](https://wiki.archlinux.org/title/SSMTP), and [Send-MailKit-Message](https://www.powershellgallery.com/packages/Send-MailKitMessage/3.2.0)) are using the exact same [poste.io](https://poste.io) configuration to send emails without any problems. I haven’t yet tried deploying Vaultwarden via Docker, though I should note that six months ago, when I ran Vaultwarden in a Docker container, it worked flawlessly with the same [poste.io](https://poste.io) settings. I migrated to [TrueNAS Scale](https://www.truenas.com) in May. If necessary, I can allocate time to test with a Docker deployment again. I’m uncertain whether this is a bug or if a recent update has invalidated certain configurations. I’ve searched online but haven’t found any reports of the same error message. If the issue is due to a misconfiguration on my end or if there are known solutions, please let me know. If it turns out the root cause isn’t related to Vaultwarden—for instance, if it’s an issue with [poste.io](https://poste.io) or [TrueNAS Scale](https://www.truenas.com)—I will forward this issue (along with relevant details) to the appropriate developers. I believe I’ve exhausted all feasible troubleshooting steps, and this problem has been frustrating me for weeks. I’m happy to provide more detailed logs or information if needed. Please don’t hesitate to reach out.

MrUnknownDE closed this issue

2026-04-05 21:05:18 +02:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#380