Rails 6.1.4.1：证书验证失败（无法获取本地颁发者证书）（OpenSSL::SSL::SSLError）

Question

Rails/Ruby/OpenSSL 不允许我发送电子邮件，为什么？

在控制台中测试：

irb(main):001:0> @webmessage = Webmessage.new(subject: "Hi there", body: "Bye now.", email: "me@me.com", firstname: "Me")
=> #<Webmessage:0x000055bee43fa1d0 id: nil, subject: "Hi there", body: "Bye now.", email: "me@me.com", firstname: "Me">

irb(main):002:0> ApplicationMailer.with(webmessage: @webmessage).email_webmessage.deliver_now
  Rendered application_mailer/email_webmessage.html.erb within layouts/mailer (Duration: 3.2ms | Allocations: 810)
  Rendered layout layouts/mailer.html.erb (Duration: 4.3ms | Allocations: 1044)
Delivered mail 614243a5a9582_9b0ab4874e5@host.mail (52.1ms)
/home/user/.rbenv/versions/3.0.1/lib/ruby/3.0.0/net/protocol.rb:46:in `connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)

产生的错误：

“SSL_connect returned=1 errno=0 state=error: 证书验证失败（无法获取本地颁发者证书）（OpenSSL::SSL::SSLError）”

我的证书路径：

$ echo $SSL_CERT_DIR
/etc/ssl/certs

$ echo $SSL_CERT_FILE
/etc/ssl/certs/ca-certificates.crt

我的环境：

• Rails 6.1.4.1
• Ruby 3.0.1p64
• OpenSSL 1.1.1f

编辑：这建立了一个工作连接：

$ openssl s_client -connect example.com:443 -CAfile /etc/ssl/certs/ca-certificates.crt


irb(main):001:0> require 'open-uri'
=> true

irb(main):002:0> p open(URI.open('https://google.com'))
#<File:/tmp/open-uri20210915-4444-phdsb>
=> #<File:/tmp/open-uri20210915-4444-phdsb>

Answer 1

这是解决方案，供后代使用：

事实证明，Rails 需要 config/environments/production.rb 中的以下条目之一才能使上述错误消失：

config.force_ssl = true

config.action_mailer.default_url_options = {
    protocol: 'https',
    host: "www.mydomain.com"
}

config.action_mailer.delivery_method = :sendmail
config.action_mailer.sendmail_settings = {
    location: '/usr/sbin/sendmail',
    arguments: '-i -t'
}