As that answer on SO says, the error
unable to verify the first certificate means that the webserver you are connecting to is misconfigured and did not include the intermediate certificate in the certificate chain it sent to you.
First, try sending an email with the environment variable
NODE_TLS_REJECT_UNAUTHORIZED=0 set. That should work, confirming the rest of your setup is correct.
You may be able to fix this by changing your email server setup to provide a different certificate, one which embeds the full chain. (Probably
If you can't get that to work, you should try passing the intermediate certificate to Node as a CA. From that SO answer:
Save the remote server's certificate details:
openssl s_client -connect incomplete-chain.badssl.com:443 -servername incomplete-chain.badssl.com | tee logcertfile
We're looking for the issuer (the intermediate certificate is the issuer / signer of the server certificate):
openssl x509 -in logcertfile -noout -text | grep -i "issuer"
It should give you URI of the signing certificate. Download it:
curl --output intermediate.crt http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt
Finally, convert it to .pem:
openssl x509 -inform DER -in intermediate.crt -out intermediate.pem -text
Then you want to pass the intermediate certificate by setting the environment variable
Then start NodeBB and try sending an email again.