On 25/11/16 02:37, Steve Litt wrote:
"sees the self-signed cert"? Have you added it as trusted to the CA as Greg said and wrote what to do?
No. I don't want to deal with a third party "Trusted Party": I want it self-signed. What I was looking for was a way Alpine could be set to check for a cert, warn if the cert is conflicting, but not warn if it's self-signed.
I used self-signed certs for ages; when I did so, I installed MY OWN root CA into various machines as needed -- sometimes that meant in multiple locations (one for IE and Chrome in Winblows world and another place for Firefox).
Anyway, that has all stopped now as I use Let's Encrypt certs everywhere without any problems.
My exim4 has the updated cert, the same cert goes to my webserver and gets pointed to for dovecot. No more issues of self-signed certs, I can even have lots of related sub-domains to make it even better without needing lots of different certs.
There is one advantage of using self-signed, that is, you get to trust yourself and the certs 100%, but others won't do so; so, all in all, it is better to use official certs that are widely accepted.
I sure understand that the world of zillions of CAs to trust is a woeful one, but it works better than the trouble of using self-signed certs.
NB: I don't do full auto certs, I have a process where I put servers in maintenance mode and manually update the certs, put them in place and restart all the services that use them.... apache2, exim4, dovecot, ejabber -- all using LE certs.
Cheers AndrewM