alertmanager icon indicating copy to clipboard operation
alertmanager copied to clipboard
Published 2 months ago verified publisher icon prometheus

The Global TLSConfig is not work for EmailConfig

Open wuji1020 opened this issue 4 years ago • 1 comments

What did you do? In order to alert notification by email, I set the smtp configration in alertmanager.yaml. If I set smtp_smarthost to an email domain name,it works well. But I set smtp_smarthost an IP address,It doesn't work. I checked the log and found this error as follows. establish TLS connection to server x509: cannot validate certificate for xx.xx.xx.xx because it doesn't contain any IP SANs

This is because the TSL certificate verification. I had set global.http_config.tls_config.insecure_skip_verify to true. Why it still verity the certificate. So I check the codes, I found the global.http_config.tls_config.insecure_skip_verify is not set to EmailConfig.tls_config, so it doesn't work.

So I don't know this is a missing initialization, or It indeed like this. or we should create a new tls_config for EmailConfig.

What did you expect to see? I expect to see the email was send successfully.

What did you see instead? Under which circumstances? Error occurred when sending email. establish TLS connection to server x509: cannot validate certificate for xx.xx.xx.xx because it doesn't contain any IP SANs.

Environment CentOS.

  • System information:

Linux 3.10.0-1160.24.1.el7.x86_64 x86_64.

  • Alertmanager version:
alertmanager, version 0.22.2 (branch: master, revision: 7961a308e91fe79c1af5a9a58d0445c191919c5c)
  build user:       root@LAPTOP-H8VQ6UFE
  build date:       20210918-02:03:52
  go version:       go1.14.3
  platform:         linux/amd64
  • Prometheus version:
prometheus, version 2.24.1 (branch: HEAD, revision: e4487274853c587717006eeda8804e597d120340)
  build user:       root@0b5231a0de0f
  build date:       20210120-00:09:36
  go version:       go1.15.6
  platform:         linux/amd64
  • Alertmanager configuration file:
global:
  resolve_timeout: 1y
  http_config:
    tls_config:
      insecure_skip_verify: true
  smtp_smarthost: xx.xx.xx.xx:465
  smtp_from: [email protected]
  smtp_auth_username: [email protected]
  smtp_auth_password: 1234567
  smtp_require_tls: false
  • Prometheus configuration file:
insert configuration here (if relevant to the issue)
  • Logs:
alertmanager.log-20210917-1631862061.gz:Sep 17 14:51:00 controller-3 alertmanager: level=warn ts=2021-09-17T06:51:00.055Z caller=notify.go:723 component=dispatcher receiver=62629383-03bb-40bf-a713-fc474980ab73 integration=email[0] msg="Notify attempt failed, will retry later" attempts=1 err="establish TLS connection to server: x509: cannot validate certificate for xx.xx.xx.xx because it doesn't contain any IP SANs"

wuji1020 avatar Sep 18 '21 06:09 wuji1020

Did you figure this out in the meanwhile? I'm having the same issue.

amani1104 avatar Jul 07 '22 09:07 amani1104

Is it going to be fixed?

sebv7 avatar Jan 31 '23 12:01 sebv7

global.http_config.tls_config.insecure_skip_verify applies only to integrations that have an http_config field, e.g. not email. What you need instead is to configure the TLS settings at the email receiver level:

receivers:
- name: email
  email_configs:
  - tls_config:
      insecure_skip_verify: true

simonpasquier avatar Jan 31 '23 13:01 simonpasquier

Closing since my previous comment should resolve the question. Feel free to reopen if it isn't the case.

simonpasquier avatar Feb 24 '23 13:02 simonpasquier