Email isn't send using https self-hosted

[levx-me]

Describe the bug

Email isn't send using https self-hosted

To Reproduce

Steps to reproduce the behavior:

1. Go to 'Account Control'
2. Click on 'Add Member'
3. Type in email address
4. See error

B86C4EE42E7F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:354:

Expected behavior

An email should be sent

Screenshots

Platform you are having the issue on:

Fedora 39

Additional context

I set up self hosted using docker-compose and I'm accessing it through https using nginx config like:
TSL certificate was issued using certbot by letsencrypt and I'm bypassing request to 8001 which docker-compose is run at.

server {
        listen 443 ssl;
        server_name infisical.my.domain;

        ssl_certificate /etc/letsencrypt/live/infisical.my.domain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/infisical.my.domain/privkey.pem;

        proxy_redirect      off;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    Host $http_host;

        location / {
            proxy_pass http://localhost:8001/;
            proxy_buffering off;
            proxy_buffer_size 16k;
            proxy_busy_buffers_size 24k;
            proxy_buffers 64 4k;
        }
    }

[akhilmhdh]

Which email service are you using.
https://infisical.com/docs/self-hosting/configuration/envars#email-service

[levx-me]

both gmail and resend doesn't work

[maidul98]

@levx-me are you able to try Sendgrid?

[mtracz]

I faced the same issue when upgrading from infisical/infisical:v0.43.16 to infisical/infisical:v0.51.9-postgres self-hosted.
Gmail SMTP stopped working.

based on infisical's SMTP docs:

infisical/docs/self-hosting/configuration/envars.mdx

Lines 212 to 228 in 246e6c6

	<Accordion title="Gmail">
	Create an account and enable "less secure app access" in Gmail Account Settings > Security. This will allow
	applications like Infisical to authenticate with Gmail via your username and password.
	
	With your Gmail username and password, you can set your SMTP environment variables:
	```
	SMTP_HOST=smtp.gmail.com
	SMTP_USERNAME=hey@gmail.com # your email
	SMTP_PASSWORD=password # your password
	SMTP_PORT=587
	SMTP_SECURE=true
	SMTP_FROM_ADDRESS=hey@gmail.com
	SMTP_FROM_NAME=Infisical
	```

---

not work:

SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE="true"

works (port 465):

SMTP_HOST=smtp.gmail.com
SMTP_PORT=465
SMTP_SECURE="true"

works (secure false):

SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE="false"

Regarding to node mailer docs, which is used in Infisical (https://github.com/Infisical/infisical/blob/main/backend/package.json#L113)

https://www.nodemailer.com/smtp/

secure – if true the connection will use TLS when connecting to server. If false (the default) then TLS is used if server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false

I think Infisical docs should be adjusted.

[akhilmhdh]

Hmmm @mtracz good point. I think the default values should be adjusted according to this and also doc.

@levx-me Did port 465 resolved issue for you