SSL certificate fails after adding mailer nameservers

zzleki · October 27, 2022, 2:12pm

I’m facing an issue with my Domain set up.

I have added a custom domain with all necessary information and records. I added the provided nameservers on to my DNS provider and all works well up to this point.

However, I’m also using nodemailer to send emails for which I had to set up additional nameservers on my DNS provider. After that I get an SSL_ERROR_BAD_CERT_DOMAIN whenever I try to access my site.

I believe it’s because Netlify’s Lets encrypt takes into account only the nameservers provided by Netlify and not the other while signing the certificate… However I might be wrong…

Did anyone face a similar issue and or solve it?

coelmay · October 27, 2022, 8:38pm

Would help if you provided the domain @zzleki

zzleki · October 27, 2022, 9:10pm

My bad… The domain is zz-test-fit.click.

Also, I’ve bought the domain over NameCheap.

I wanted to show where I put everything, but I can’t embed images yet…

zzleki · October 27, 2022, 9:13pm

Maybe some additional info would be that, as I said I’ve bought the domain over NameCheap, and the email host is over CPanel.

I’ve added the Netlify name servers to NameCheap and usually I also add those from my host there too.

Locally everything works, but after I upload it breaks.

coelmay · October 27, 2022, 9:17pm

This is entirely the issue.

If you are using Netlify DNS, the only nameservers you can use are those provided by Netlify. Adding other nameserver will (as you have seen) break things.

When using Netlify DNS, any other records such as MX, CNAME, TXT, are added via to Netlify.

zzleki · October 27, 2022, 9:29pm

I see, will try! Thanks

Also I have added these to netlify:

MX
TXT DKIM
TXT SPF
NETLIFY for zz-test-fit.click
NETLIFY for www.zz-test-fit.click
NETLIFYv6 for zz-test-fit.click
NETLIFYv6 for www.zz-test-fit.click

Am I missing any?

coelmay · October 27, 2022, 9:41pm

On the face of it that looks fine. Without knowing all the particulars about the service you are trying to configure, I cannot say for certain.

zzleki · October 27, 2022, 9:57pm

It even says on CPanel that it’s valid…

I wanted to connect my NameCheap domain to netlify (done)

I want to be able to send emails to users so I’m using nodemailer inside a nextjs app, and the email host requires me to add these records above to my DNS provider, which I have, but it’s still not working…

I don’t know if that clarifies anything…

zzleki · October 27, 2022, 9:58pm

Do I need to allow port 465 maybe?

coelmay · October 27, 2022, 10:03pm

There is no allowing or disallow ports on Netlify.

What exactly is not working? What is the error you are seeing?

zzleki · October 27, 2022, 10:05pm

That’s the problem, It seemingly doesn’t throw an error, I just don’t receive the email.

coelmay · October 27, 2022, 10:08pm

Without having some sort of error to work with, there is absolutely nothing I or anyone else can do to help.

zzleki · October 27, 2022, 10:10pm

I will try some additional things, and get back.

zzleki · October 28, 2022, 4:44pm

Still after trying I couldn’t get any useful logs since this function is run on the backend, but it doesn’t show up in any of the function logs on Netlify.

I’ve configured the DNS records as so:

I’ve added the name servers of both Netlify and my email host to my domain provider

And I’ve checked with my email host that all is valid:

And I also checked with online tools like for mx, spf, dkim, dmac, smtp and everything was correct. And the email itself works fine, since I can normally receive and send emails.

However, the email sent from nodemailer still doesn’t get delivered… Can nodemailer even be used with Netlify?

hillary · October 28, 2022, 6:08pm

Hey there, @zzleki

Thanks for your patience here. I have looped in a Support Engineer to see if they have further insights for you.

amelia · October 28, 2022, 6:35pm

Hey @zzleki, it does look like you have duplicate DNS records for your domain. Have you already looked through this Support Guide about how to set up DNS on Netlify? [Support Guide] DNS Quick Start - How to set up DNS

Additionally, it does sound like you can use nodemailer with Netlify, but there will be some additional steps to set it up and you will need to use Functions on Netlify. Here’s a post with some details about how you can configure this: Netlify function for sending mail with nodemailer doesn't work in production - #9 by coelmay

Please let us know if that helps!

coelmay · October 28, 2022, 8:26pm

As I mentioned previously @zzleki you cannot have the studio4web.com nameservers. You have to remove them.

zzleki · October 30, 2022, 1:36pm

Alright, after some more tries I finally managed to get it working by following this [Support Guide] DNS Quick Start - How to set up DNS sent by @amelia and some additional bits.

TLDR: I stopped using Netlify DNS, and instead followed the External DNS guide in the Support guide, and I delegated it to studio4web.com where I get my email from and then added the records there.

LONGER EXPLANATION:
(I may have misunderstood somethings along the way, so correct me if I’m wrong…)

Basically I’ve been using 3 services. Netlify for deploying, Namecheap where I bought my domain and then studio4web where I have my CPanel, email host etc.

What I needed to do to get Netlify DNS working was to add the nameservers dn1-4 to NameCheap, and add the necessary records for email etc. to Netlify. And that all worked, however the studio4web host also requires me to add their nameservers to Namecheap to get it working properly (because I also had to register my domain through them to get emails).
However, after doing all that the mail wasn’t being sent, like I stated above, neither when I had the studio4web nameservers added nor when I didn’t (@coelmay). Although even that needed some additional configuration with studio4web because they were providing some kind of SSL which then caused an INVALID_CERT_ERROR when accessing the page.

The second thing I tried was using NameCheap DNS, which again worked for the website, but not for the email. Because, like I said, I need to add studio4web servers to namecheap, but when using their Basic DNS this options is blocked. And even adding all the needed records didn’t help.

Lastly I decided to use studio4web DNS. Which means I added the name servers to NameCheap, and then added A and CNAME records there. And mail records were not needed since they provide it as well. Now everything works.

Sadly I didn’t get much information about why I had all this trouble. It could even be that I didn’t wait long enough for everything to propagate before trying… Maybe some of you who are better at this might see something in my description… But anyways, all works now, thanks for all the help

zzleki · October 30, 2022, 1:40pm

Another thing, I’ve seen some code examples of how nodemailer should work, so I’m adding mine as well:

const transporter = nodemailer.createTransport({
  host: env.MAILER_HOST, // studio4web.com or w/e
  port: Number(env.MAILER_PORT), // 465 - because secure is true
  secure: true, // <-- for me this is has to be true
  auth: {
    user: env.MAILER_ID,
    pass: env.MAILER_PASSWORD,
  },
});

hrishikesh · October 30, 2022, 2:00pm

This highly sounds like a problem of how studio4web works and needs you to use their DNS service for emails as well. Anyways, glad it’s all sorted out now.