Diagnosing ssl errors with sending emails?

Recently our instance of vaultwarden has started giving ssl errors like the following when trying to send an email.

Oct 12 11:34:07 clarion1.compass.lan passageway[27719]: [2021-10-12 11:34:07.778][request][INFO] POST /api/accounts/password-hint
Oct 12 11:34:07 clarion1.compass.lan passageway[27719]: [2021-10-12 11:34:07.986][bitwarden_rs::mail][ERROR] SMTP IO error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:s3_clnt.c:1264: (certificate has expired)
Oct 12 11:34:07 clarion1.compass.lan passageway[27719]: [2021-10-12 11:34:07.988][response][INFO] POST /api/accounts/password-hint (password_hint) => 400 Bad Request

How can i see the smtp log to check the cert? Mail settings haven’t changed recently and the certs are valid per openssl s_client
Would it matter if this version wasn’t up to date? For example, could the recent let’sencrypt cert expiration have affected the internals somehow? The certs in nginx are being issued via the new still valid let’sencrypt root CA.


If the cert still uses the DST root cert, then it could be causing this issue.

You could use a linux CLI tool like GitHub - drwetter/testssl.sh: Testing TLS/SSL encryption anywhere on any port

Or use this site SSL Checker which support port numbers.