21 Dec
2017
21 Dec
'17
3:27 a.m.
Joseph Ward writes:
I'm aware of at least a couple of fallback options: ??? -have a self-signed cert for replication and use the Let's Encrypt one for IMAP/POP ??? - create firewall rules allowing them to connect to each other over the public internet so that it can validate the proper cert ? These are both much less palatable than simply disabling the cert validation if it's possible.
Maybe instead of disabling the check, appease it by supplying (in /etc/hosts) an alternate mapping of the FQDN subject of your certificate to your internal IP:
10.x.x.x your.sync.targetJoseph Tam <jtam.home@gmail.com>