Issue Description
I am trying to connect to a S3 Storage in my internal network. I am then using self-signed certificates. Stalwart refuses the certificate when initiating the connection, while the latest version mentions that a fix has been submitted about this problem
Expected Behavior
The certificate validity should be ignored, and the connection to my S3 should be established
Actual Behavior
I am facing an explicit error about an unknown certificate issuer: invalid peer certificate: UnknownIssuer
Reproduction Steps
- Configure a logger to log to stdout (better UX for Docker-based deployments)
- Configure the BlobStore to use S3
- Enable “allow invalid TLS certificates”
- Restart the server
- The WebUI is missing because of S3 errors
- Observe these errors in the logs
Relevant Log Output
ERROR S3 error (store.s3-error)
reason = "reqwest: error sending request for url (https://path.to.my.s3.internal/<bucket-name>/<secret-key>): error sending request for url (https://path.to.my.s3.internal/<bucket-name>/<secret-key>): client error (Connect): invalid peer certificate: UnknownIssuer"
causedBy = "crates/store/src/dispatch/blob.rs:52"
causedBy = "crates/common/src/network/mta.rs:385"
details = "Failed to load spam filter model"
causedBy = "crates/common/src/manager/boot.rs:219"
ERROR Resource error (resource.error)
reason = S3 error (store.s3-error)
reason = "reqwest: error sending request for url (https://path.to.my.s3.internal/<bucket-name>/<secret-key>): error sending request for url (https://path.to.my.s3.internal/<bucket-name>/<secret-key>): client error (Connect): invalid peer certificate: UnknownIssuer"
causedBy = "crates/store/src/dispatch/blob.rs:52"
url = "https://github.com/stalwartlabs/webui/releases/latest/download/webui.zip"
details = "Failed to unpack application for prefixes: admin, account"
Stalwart Version
v0.16.x
Installation Method
Docker
Database Backend
FoundationDB
Blob Storage
S3-compatible
Search Engine
Elasticsearch
Directory Backend
Internal
Additional Context
Another strange thing is the fact that the secret key is printed on stderr when this kind of error occurs
I have reviewed the documentation and FAQ and confirm that my issue is NOT addressed there.
on
I have searched this support forum (open and closed topics) and confirm this is not a duplicate.
on
I understand that topics in this category are triaged by a bot first but a human reply will follow up. If I’d prefer a human-only reply, I’ll add the no-ai tag to my topic.
on