
Why Nodemailer does not securely connect to my server running on a shared host

I need to secure the connection between my Node app and my mail server (running on shared hosting). I use Nodemailer configured like this:

{
  transport: {
    // This is where I am not sure
    key: [ readFileSync(__dirname + '/../../../../cert.pem') ],
    host: 'mail.my.domain',
    auth: {
      user: USER,
      pass: PWD
    }
  }
}

When I try to send an email I end up with this error:

Hostname/IP does not match certificate's altnames: Host: mail.my.domain. is not in the cert's altnames: DNS:xxx.planethoster.net, DNS:xxx.xxx.planethoster.net

I read everywhere that I should use rejectUnauthorized: true to bypass this issue and it works. But it is not an option to leave this connection insecure.

The cert.pem loaded was the private ~/ssl/keys/XXXX.key of my mail server renamed with the .pem extension. I am not very comfortable with certificate/key stuff, but I know that the SSL certificate running on my server is a valid one.

So, I have doubts about the files I renamed and gave to Nodemailer.

Planethoster support helped me to understand what was going wrong. I want to leave this here as I think I won't be the only one to use shared hosting for mailing.

In fact, my mail server is on shared hosting at Planethoster. Thus, the certificate is only for the hosting machine name. Here it is world-346.fr.planethoster.net

So I resolved the problem by setting my configuration like this:

{
  transport: {
    // Removed the unnecessary cert loading
    // key: [ readFileSync(__dirname + '/../../../../cert.pem') ],
    host: 'world-346.fr.planethoster.net', // The host is now the shared machine
    auth: {
      user: USER,
      pass: PWD
    }
  }
}

The host machine is now OK with the given hostname as it is included in its certificate.
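
The hostname check behind the error above can be reproduced offline with Node's own tls.checkServerIdentity, with certificate verification left enabled. This is an added example, not part of the original post: the certificate object is constructed to mirror what the answer describes (a certificate covering only the shared machine name), and checkHost and pickUsableHosts are hypothetical helper names.

```javascript
// Added example (not from the original post). Runs offline.
const tls = require('node:tls');

// Constructed stand-in with the same shape as socket.getPeerCertificate():
// a certificate that names only the shared hosting machine.
const sharedHostCert = {
  subject: { CN: 'world-346.fr.planethoster.net' },
  subjectaltname: 'DNS:world-346.fr.planethoster.net',
};

// Run the same name check Node applies during the TLS handshake.
// tls.checkServerIdentity returns an Error on mismatch, undefined on match.
function checkHost(hostname, cert) {
  const err = tls.checkServerIdentity(hostname, cert);
  return err
    ? { ok: false, code: err.code, reason: err.message }
    : { ok: true, code: null, reason: null };
}

// Keep only the candidate `host` values the certificate actually covers,
// i.e. the ones usable without disabling verification.
function pickUsableHosts(candidates, cert) {
  return candidates.filter((h) => checkHost(h, cert).ok);
}

const candidates = ['mail.my.domain', 'world-346.fr.planethoster.net'];
for (const host of candidates) {
  const result = checkHost(host, sharedHostCert);
  console.log(host, '->', result.ok ? 'matches certificate' : result.reason);
}
console.log('usable host values:', pickUsableHosts(candidates, sharedHostCert));
```

Against a live server, the same object comes from socket.getPeerCertificate() on a tls.connect() socket, so the check can be run on the real certificate before changing the Nodemailer host.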
