I'd considered doing it at the internal DNS server level, which I wasn't a fan of because it's a separate server's config that I'd have to rely on to make sure this server was working. The thought of the local hosts file slipped my mind. That is a good idea; it meets my needs, and keeps everything in the same "create mail server" Ansible file.
Thank you!
-Joseph
On 12/20/2017 20:27, Joseph Tam wrote:
Joseph Ward writes:
I'm aware of at least a couple of fallback options:
   - have a self-signed cert for replication and use the Let's Encrypt one for IMAP/POP
   - create firewall rules allowing them to connect to each other over the public internet so that it can validate the proper cert
These are both much less palatable than simply disabling the cert validation if it's possible.
Maybe instead of disabling the check, appease it by supplying (in /etc/hosts) an alternate mapping of the FQDN subject of your certificate to your internal IP:
10.x.x.x your.sync.target
Joseph Tam <jtam.home@gmail.com>
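
One way to apply the /etc/hosts mapping suggested above so that repeated provisioning runs leave exactly one entry, keeping certificate validation enabled. This is an added example, not part of the original thread; the function names `pin_host` and `lookup_host` and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): pin a certificate's FQDN to an
# internal IP in a hosts file without leaving stale or duplicate entries.
# Usage (script name is hypothetical):
#   sh pin_host.sh /etc/hosts 10.x.x.x your.sync.target

# pin_host FILE IP FQDN
# Strips FQDN from any existing line (other aliases on that line are kept),
# then appends a single "IP FQDN" mapping.
pin_host() {
    file=$1 ip=$2 fqdn=$3
    tmp=$(mktemp) || return 1
    awk -v name="$fqdn" '
    {
        line = $0
        sub(/#.*/, "", line)             # ignore trailing comments when matching
        n = split(line, f, " ")          # f[1] = address, f[2..n] = hostnames
        out = f[1]; kept = 0; hit = 0
        for (i = 2; i <= n; i++) {
            if (tolower(f[i]) == tolower(name)) { hit = 1; continue }
            out = out " " f[i]; kept++
        }
        if (!hit) print                  # untouched line, comments preserved
        else if (kept) print out         # keep the remaining aliases
    }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s %s\n' "$ip" "$fqdn" >> "$tmp"
    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# lookup_host FILE FQDN
# Prints the first address FILE maps FQDN to (what a resolver reading it would use).
lookup_host() {
    awk -v name="$2" '
    {
        line = $0
        sub(/#.*/, "", line)
        n = split(line, f, " ")
        for (i = 2; i <= n; i++)
            if (tolower(f[i]) == tolower(name)) { print f[1]; exit }
    }' "$1"
}

# Run only when called with FILE IP FQDN.
if [ "$#" -eq 3 ]; then
    pin_host "$1" "$2" "$3" && lookup_host "$1" "$3"
fi
```

On a host whose resolver consults /etc/hosts before DNS, `getent hosts your.sync.target` should then return the internal address.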