ERR_TLS_CERT_ALTNAME_INVALID for own mailserver configuration

[xeruf]

Issue Summary

On selfhosted cal.com on kubernetes, I get this error when trying to send an email:

sendEmail from: Cal.com <USER@ftt.gmbh> subject: Cal.com: Verify your account Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: mail.ftt.gmbh. is not in the cert's altnames

Meanwhile running openssl s_client -starttls smtp -crlf -connect mail.ftt.gmbh:587 returns a perfectly valid certificate.
This is the config:

Actual Results

Email sending does not work, though the interface said Email sent successfully

This has been present for months now and is still in the latest 4.7.8

The app otherwise looks splendidly, but without mails working it is a bit useless.

We have plenty of apps running without issues with the same email config.

Expected Results

email sending works

Logs

I am getting a few other errors that seem noncritical but am including them for completeness:

@calcom/web:start: 17:47:15:128 WARNRateLimit Disabled due to not finding UNKEY_ROOT_KEY env variable
@calcom/web:start: [PERF]: getEventTypesFromGroup(2) took 17.857779026031494ms
@calcom/web:start: [PERF]: getByViewer(2) took 67.39256381988525ms
@calcom/web:start: SEND_ACCOUNT_VERIFY_EMAIL_ERROR Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: mail.ftt.gmbh. is not in the cert's altnames: DNS:main.iridion.it
@calcom/web:start:     at new NodeError (node:internal/errors:405:5)
@calcom/web:start:     at Object.checkServerIdentity (node:tls:337:12)
@calcom/web:start:     at TLSSocket.onConnectSecure (node:_tls_wrap:1669:27)
@calcom/web:start:     at TLSSocket.emit (node:events:517:28)
@calcom/web:start:     at TLSSocket._finishInit (node:_tls_wrap:1070:8)
@calcom/web:start:     at ssl.onhandshakedone (node:_tls_wrap:856:12)
@calcom/web:start:     at TLSWrap.callbackTrampoline (node:internal/async_hooks:128:17) {
    @calcom/web:start:   reason: "Host: mail.ftt.gmbh. is not in the cert's altnames: DNS:main.iridion.it",
    @calcom/web:start:   host: 'mail.ftt.gmbh',
    @calcom/web:start:   cert: {
        @calcom/web:start:     subject: [Object: null prototype] { CN: 'main.iridion.it' },
        @calcom/web:start:     issuer: [Object: null prototype] {
            C: 'US',
            O: "Let's Encrypt",
            CN: 'R10' 
        },
        @calcom/web:start:     subjectaltname: 'DNS:main.iridion.it',
        @calcom/web:start:     infoAccess: [Object: null prototype] {
            @calcom/web:start:       'OCSP - URI': [Array],
            @calcom/web:start:       'CA Issuers - URI': [Array]
            @calcom/web:start:     
        },
        @calcom/web:start:     ca: false,
        @calcom/web:start:     modulus: 'BF2C6F8B904F627AA076026623AD6C8CEA6BD7562642AD1311002B828E0C81173A7A0C02F8DDAE754A47F83C1540528E88DD0CA91D746C5476B4F2D3D3AAF884604628FEE92A290D60711866A35084191EAD486BA7861CEA7E1EC16CE3AE8D6585D34A182516F4117BD30A2245B4BA91D98494FC5855248A82A99B78EA46FF
1174AD07EA574EBC2076528A48BF5598AFC088545AEB17C1FBF9F56A92D23B37DF81135D555F17769010232D89CDF4AA57538260C205CD3F8FDBC32B791ABCF5BFF07A0EF1B603B0D88FEB5E0E2F7824E43694E9403922E92276C8647FB460C085D148A6445ACEB4292485AD6EC617F881D8FDA464FC32FD18F2FBEAD39B859B929B5156309F6E6B92FC36D87FA4FFE3886D2C1
E88D0E3345F5AA36C6BEBCD1F9C3A5EA142395F01FBEE22817B2B525EB5D1FEF5BCF75ED6AD93DF262164D9E5A402B0FB2F2FD043737D12712D7E15F47BF95D3F9D941B3E83720CF69F9F72EBC6A26E6B9DD632FA4C94882B0FEDC059F60C1648A007D2EDAF5FB263E87D0909A81D9E8F00F88348C6E9781F19004401D2E760B4B9D4455B342B46649E61CAE58FD9FCD1C5E18D
16FB8A1AA2865A818E6D772E614BE5372BFDA021A003A5CA6FAC7B97AF7384186A37DFBD2CB79715E7A08E70B46130E5976A7B2E4D46B6108AF78DB71B47F85FC880904A2624C89F93855D680481764BDD2A211BC95D388046B5',23 ad 6c 8c ea ... 500 more bytes>,
        @calcom/web:start:     valid_from: 'Nov 18 05:54:38 2024 GMT',
        @calcom/web:start:     valid_to: 'Feb 16 05:54:37 2025 GMT',
        @calcom/web:start:     fingerprint: 'E5:EC:1B:D9:E8:B3:8D:40:E7:5D:2E:48:6F:2B:81:F4:B1:09:5B:1B',
        @calcom/web:start:     fingerprint256: '26:0B:58:9B:32:6E:F5:0F:0D:B5:ED:68:27:61:28:EC:B9:DF:A0:AE:81:8C:EF:E7:E6:87:F0:D1:2A:55:91:D2',
        @calcom/web:start:     fingerprint512: '78:12:D2:EB:2C:B5:B4:DD:B7:BE:B5:1C:C6:89:17:31:CF:F8:76:25:25:FE:11:FB:55:58:21:25:D4:6B:E8:FA:64:38:43:67:3D:6E:C8:65:DC:F3:21:D7:2F:25:24:36:D7:6E:5D:F8:BF:B8:6D:20:65:54:2E:54:A6:E4:28:82',
        @calcom/web:start:     ext_key_usage: [
            '1.3.6.1.5.5.7.3.1',
            '1.3.6.1.5.5.7.3.2' 
        ],
        @calcom/web:start:     serialNumber: '0479A18F894BA43D9342BF24EC9F1C0E5F8E',
        @calcom/web:start:     raw: <Buffer 30 82 05 f0 30 82 04 d8 a0 03 02 01 02 02 12 04 79 a1 8f 89 4b a4 3d 93 42 bf 24 ec 9f 1c 0e 5f 8e 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 33 ... 1474 more bytes>,
        @calcom/web:start:     issuerCertificate: {
            @calcom/web:start:       subject: [Object: null prototype],
            @calcom/web:start:       issuer: [Object: null prototype],
            @calcom/web:start:       infoAccess: [Object: null prototype],
            @calcom/web:start:       ca: true,
EEA66536BC74EABC504CEAFC21F338169394BAB0D36B3806CD16127ACA5275C8AD76B2C29C5D98455C6F617BC62DEE3C13528601D957E6381CDF8DB51F92919AE74A1CCC45A87255F0B0E6A307ECFDA71B669E3F488B71847158C93AFAEF5EF25B442B3C74E78FB247C1076ACD9AB70D96F712812651540AEC61F6F7F5E2F28AC8950D8D',
            @calcom/web:start:       bits: 2048,
            @calcom/web:start:       exponent: '0x10001',
            @calcom/web:start:       pubkey: <Buffer 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 cf 57 e5 e6 c4 54 12 ed b4 47 fe c9 27 58 76 46 50 ... 244 more bytes>,
            @calcom/web:start:       valid_from: 'Mar 13 00:00:00 2024 GMT',
            @calcom/web:start:       valid_to: 'Mar 12 23:59:59 2027 GMT',
            @calcom/web:start:       fingerprint: '00:AB:EF:D0:55:F9:A9:C7:84:FF:DE:AB:D1:DC:DD:8F:ED:74:14:36',
            @calcom/web:start:       fingerprint256: '9D:7C:3F:1A:A6:AD:2B:2E:C0:D5:CF:1E:24:6F:8D:9A:E6:CB:C9:FD:07:55:AD:37:BB:97:4B:1F:2F:B6:03:F3',
            @calcom/web:start:       fingerprint512: 'C5:D1:DD:8B:4E:E8:A1:7A:35:1B:B0:FA:40:CC:02:0E:9B:33:64:C5:9D:90:06:BA:DE:CC:61:BD:5C:A0:C2:B9:72:9E:AB:50:DA:16:66:33:E4:B0:36:0A:B9:14:C4:2A:A7:4C:CA:86:16:40:E0:AB:E5:51:44:30:BB:0D:AE:AA',
            @calcom/web:start:       ext_key_usage: [Array],
            @calcom/web:start:       serialNumber: '4BA85293F79A2FA273064BA8048D75D0',
            @calcom/web:start:       raw: <Buffer 30 82 05 05 30 82 02 ed a0 03 02 01 02 02 10 4b a8 52 93 f7 9a 2f a2 73 06 4b a8 04 8d 75 d0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b ... 1239 more bytes>,
            @calcom/web:start:       issuerCertificate: [Object]
            @calcom/web:start:     
        }
        @calcom/web:start:   
    },
    @calcom/web:start:   code: 'ESOCKET',
    @calcom/web:start:   command: 'CONN'
    @calcom/web:start: 
}
@calcom/web:start: 2024-12-25 19:12:04.732 UTC [WARN] (next-collect/server) - [WARN] Can't send data to jitsu: fetch failed  [TypeError: fetch failed] {
    @calcom/web:start:   cause:  [ConnectTimeoutError: Connect Timeout Error] {
        @calcom/web:start:   name: 'ConnectTimeoutError',
        @calcom/web:start:   code: 'UND_ERR_CONNECT_TIMEOUT',
        @calcom/web:start:   message: 'Connect Timeout Error'
        @calcom/web:start: 
    }
    @calcom/web:start: 
}