21 December 2009

If you have a Rails app that sends e-mails, you are probably using ActionMailer. Unfortunately, starting with Rails 2.2.2, you may have encountered a wonderfully annoying little error that looks like this:

OpenSSL::SSL::SSLError (hostname was not match with the server certificate):
   /usr/lib/ruby/1.8/openssl/ssl.rb:123:in `post_connection_check'
   /usr/lib/ruby/1.8/net/smtp.rb:582:in `tlsconnect'
   /usr/lib/ruby/1.8/net/smtp.rb:562:in `do_start'
   /usr/lib/ruby/1.8/net/smtp.rb:525:in `start'

The are quite a few sites out there that give monkey patches for this problem, but those aren’t very useful because the next time you upgrade Rails, the monkey patch gets obliterated and you’re back to square 1. And then you have to remember how you monkeyed with it the last time to get it working again. Ug…

Instead, fix it the right way!

The reason this problem occurs is that starting with Rails 2.2.2, ActionMailer will automatically enable an encrypted connection with the mail server when trying to send out a message. This “feature” is enabled by default. If you don’t have a fancy, ungodly expensive certificate because you decided to roll your own, or if there is some problem with your certificate or postfix config, you get the above error.

Well, starting with Rails 2.2.3, there is a new option in ActionMailer::Base: enable_starttls_auto. This option allows you to turn off the automatic TLS “feature”.

To use the option, open up your environment.rb and add the following:

# Turn off auto TLS for e-mail
ActionMailer::Base.smtp_settings[:enable_starttls_auto] = false

Restart your app, and the problem is fixed for good. Note that this option will only work if you’re using Ruby 1.8.7 or above. If you’re NOT using 1.8.7 or above, upgrade. It looks like older Ruby versions will not be officially supported by the next versions of Rails.

If you’re afraid of upgrading Ruby, fear not. Just try Ruby Enterprise Edition and Passenger. They’re easy to set up, they have extensive documentation, and you’ll be very pleased with the performance and easy of use!

Happy Holidays!!

Fixing the “ActionMailer: Hostname not match server certificate” Error
Tagged on:     

9 thoughts on “Fixing the “ActionMailer: Hostname not match server certificate” Error

  • 6 May 2010 at 19:33


    That’s a GREAT solution, not a monkey patch!

  • 30 August 2010 at 22:07

    fyi, the tls “feature” as you call it is important if your application is contacting the mail server over the internet. otherwise you are sending your mail account password in clear text every time you connect.

    in that case, the better fix for this issue is to actually generate the appropriate certificate on your app machine for the email host.

    of course if it is all localhost or intranet, you’re probably a little better off when disabling this.

  • 7 September 2010 at 08:18

    Thanks for the post, I used it to figure out a better way to do the same thing.
    Just specify this in environments/production.rb
    config.action_mailer.smtp_settings = {:enable_starttls_auto => false}

    Thanks again!

    • 7 September 2010 at 12:55

      I figured if I stuck it in environment.rb, it works in production, development, etc.

  • 30 March 2011 at 12:49


    this article really helped a lot. Saved a few hair from being pulled out!

  • 29 April 2011 at 11:23

    I’ve been struggling for a while trying to figure out why I couldn’t get action_mailer to work. It just failed silently. I finally got the error message when I created a ruby script that used the mail gem directly, and found this post. Setting :enable_starttls_auto => false fixed it.

    Thanks a lot!

  • Pingback: Fly like a G Mailer « cinerem

  • 26 November 2012 at 13:46

    I’ve been stuck with same problem but making start tls false also doesnt help. Even when I use delivery method as sendmail Im stuck with a similar issue


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.