Error 500 on user account creation and password reset request

Ben_Sefton · August 14, 2023, 3:14am

1. What is the issue? Please be detailed.
When submitting a user password reset request, or account creation request through the Central web interface, it returns "Something went wrong: error code 500."
This error shows in the service container logs as

central-service-1  | [Error: 140617117648832:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
central-service-1  | ] {
central-service-1  |   library: 'SSL routines',
central-service-1  |   function: 'ssl3_get_record',
central-service-1  |   reason: 'wrong version number',
central-service-1  |   code: 'ESOCKET',
central-service-1  |   command: 'CONN'
central-service-1  | }
central-service-1  | ::ffff:172.18.0.9 - - [14/Aug/2023:01:03:07 +0000] "POST /v1/users/reset/initiate?invalidate=true HTTP/1.0" 500 351

All other functionality such as login, form data export, etc works.

This deployment of Central is running on Ubuntu 20.04 LTS focal.

2. What steps can we take to reproduce this issue?
I recently updated Central from v1.3 to 2023.3.1, following the relevant instructions for all versions in between where required. Submissions do not exceed more than 10k per form, with all forms totalling under 30k submissions.

3. What have you tried to fix the issue?
I've restarted the VPS and verified the system time is correct.
I'd like to manually refresh TLS certificates but cannot find instructions on how to do so.

Attempted to try rebuilding Central with docker compose build and received this error.

[+] Building 0.1s (3/3) FINISHED
 => [postgres14 internal] load build definition from postgres14.dockerfile                                                                                                                                   0.0s
 => => transferring dockerfile: 509B                                                                                                                                                                         0.0s
 => [postgres14 internal] load .dockerignore                                                                                                                                                                 0.0s
 => => transferring context: 67B                                                                                                                                                                             0.0s
 => ERROR [postgres14 internal] load metadata for docker.io/library/postgres:14.8                                                                                                                            0.0s
------
 > [postgres14 internal] load metadata for docker.io/library/postgres:14.8:
------
failed to solve: postgres:14.8: failed to do request: Head "https://registry-1.docker.io/v2/library/postgres/manifests/14.8": dial tcp: lookup registry-1.docker.io on [::1]:53: read udp [::1]:40040->[::1]:53: read: connection refused

yanokwa · August 14, 2023, 12:32pm

User creation failure usually has to do with password reset email failing to send.

Are you sending mail with the mail service provider? A local SMTP server? Something else? Is it possible that email server has the wrong date or a bad cert or no cert?

Ben_Sefton · August 15, 2023, 12:05am

Hey Yanokwa,

Thanks for your response.

I'm using a Gmail account with the below .env variables.

#Use fully qualified domain names. Set to DOMAIN=local if SSL_TYPE=selfsign.
DOMAIN=MY-DOMAIN.COM

# Used for Let's Encrypt expiration emails and Enketo technical support emails
SYSADMIN_EMAIL=MY-WORK-EMAIL@EMAIL.COM

# Options: letsencrypt, customssl, upstream, selfsign
SSL_TYPE=letsencrypt

# Do not change if using SSL_TYPE=letsencrypt
HTTP_PORT=80
HTTPS_PORT=443

EMAIL_FROM=MY-GMAIL-ACCOUNT@gmail.com
EMAIL_HOST=smtp.gmail.com
EMAIL_PORT=587
EMAIL_IGNORE_TLS=false
EMAIL_SECURE=true
EMAIL_USER=MY-GMAIL-ACCOUNT@gmail.com
EMAIL_PASSWORD=MY-GMAIL-API-PASSWORD

yanokwa · August 15, 2023, 2:58pm

In https://docs.getodk.org/central-install-digital-ocean/#using-a-custom-mail-server, we say...

EMAIL_SECURE should generally be set to true if you use port 465 and set to false for other ports.

You are not using port 465, so set EMAIL_SECURE to false, build and restart the service container, and try again.

Ben_Sefton · August 16, 2023, 6:41am

That was it. My apologies for missing the quote in the update guide.

Thanks for your help Yanokwa, much appreciated.

iamnarendrasingh · March 17, 2025, 10:56am

I was previously using Gmail SMTP for password reset on my ODK Central instance (running on AMS), but it's no longer working and returns a 500 error.

Has anyone faced a similar issue or found a free and open-source alternative for SMTP that works with ODK Central? Any suggestions or guidance would be greatly appreciated!

Best,
@iamnarendrasingh

yanokwa · March 17, 2025, 12:21pm

It's hard to find a free way to send emails because that free way will eventually be used for spam.

We recommend using a dedicated email service such as Mailjet. Central doesn't send many emails, so such a service will generally be a cost-effective way of ensuring email delivery. More at https://docs.getodk.org/central-troubleshooting/#users-aren-t-receiving-emails.

Ben_Sefton · March 18, 2025, 1:54am

Hey mate,

It might be worth just trying to create a new app password for your google account and see whether that works. Google sometimes disable app passwords or they expire I'm not really sure.

Hope that helps.

Cheers,
Ben