Kratos: Error sending verification email


I’m trying to use AWS SES as mail courier, and when the email verification is about to be sent, the following error occurs:

time="2020-04-07T09:38:29Z" level=error msg="Unable to send email using SMTP connection." error="tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config" [email protected] smtp_server="" smtp_ssl_enabled=true

Is there a configuration setting of some kind I can adjust to get around this problem, or is it just simply not possible to use AWS SES service for mail verifications?

Furthermore, where is the message_from coming from? In the config, I specify from_address with a completely different value, but that’s not being used?



That should work, at least on latest master. Since you didn’t provide a version tag I assume you run 0.1.1-alpha.1.

Without your configuration I am not able to help.

Please consider opening a GitHub issue and using the provided issue template to fill out your bug report :slight_smile:

Thanks again for your answer.

Sorry, I should have included the version, of course. The image I’m using is oryd/kratos:v0.1.1, so the alpha is newer I assume, and I will update to that and see what ahappens.

The configuration for smtp is

connection_uri: smtps://<AWS SES USER>:<AWS SES PWD>

Is the TLS certificate signed by a trusted CA? If not, did you install the CA Root Certificate on the server where Keto runs?

Don’t know. I’ll have to dig into the AWS SES documentation to find out if there’s anything there that can tell me how to solve the problem.

After having done some more research, it appears that the easiest fix is to add skip_ssl_verify=true to the connection_uri config value as a query parameter. However, the from_address config value is still not being picked up.

Seems I stumbled upon this bug:

Changing the config key to stmp doesn’t work, because the config is validated against an internal schema called config.schema.json, so no work-around seems to be available, I guess? This is a real show-stopper since it prevents med from verifying identities, unless I a) switch to another mail sending solution and hope for the best, or b) build the project myself. Unfortunately, AWS does not allow sending mails from addresses that hasn’t been verified, but being in AWS it kind of makes more sense to use their service than to run an SMTP server of my own.

When is the next release scheduled?

Most likely within this month

Unfortunately, I can’t wait, so I built the image from the master branch myself. Took a while to figure out how to do it on Windows, but having modified the makefile and dockerfile a bit it seem to work. Will see tomorrow when I continue if I succeeded or not.

Yeah, that’s the other option. If you don’t need SQLite you can omit -tags sqlite and then you don’t need CGO :slight_smile: