Thanks Ralph, I’ll look into that.

I think Let’s Encrypt uses certbot though and it can’t do email certificates
(although I’m sure I can convert the cert I get from Let’s Encrypt, I’ll look
into it).

> On 9 Aug 2017, at 16:40, Ralph Seichter wrote:
> On 09.08.2017 17:20, Alef Veld wrote:
>> So I’m using dovecot, and I created a self-signed certificate with
>> based on dovecot-openssl.cnf. The name in there matches my
>> mail server.
>> The first time it connects in mac mail however, it says the certificate
>> is invalid and another server might pretend to be me etc.
> This is to be expected for self-signed certificates. The MUA (Apple Mail
> in your case) cannot know that the certificate is trusted until you
> confirm it.
> For certificates signed by third parties, the client (or OS) performs
> the same checks. If a chain of trust can be established based on the
> client/OS certificate store, which comes pre-populated with well-known
> third party CA certificates, allowing to verify certificate signatures,
> your MUA will trust the presented certificate without you confirming it.
> I recommend you look into using a free Let's Encrypt certificate (see
> instead of a self-signed certificate.
> -Ralph
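
The trust check described in the quoted reply, as an added example that is not part of the original thread: a freshly generated self-signed certificate fails verification against the default CA store and passes only once it is supplied as its own trust anchor, which is what confirming it in the mail client amounts to. It assumes the `openssl` command-line tool is installed; the host name `mail.example.test` and all file names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: host name and file names are assumptions for this
# example, not values from the thread.
set -u
WORK="$(mktemp -d)"
CERT="$WORK/selfsigned.pem"
trap 'rm -rf "$WORK"' EXIT

# Create a throwaway self-signed certificate (valid for one day).
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=mail.example.test" \
    -keyout "$WORK/key.pem" -out "$CERT" >/dev/null 2>&1
}

# Self-signed: the certificate names itself as its issuer, so the
# subject and issuer name hashes are identical.
is_self_issued() {
  subj_hash="$(openssl x509 -in "$1" -noout -subject_hash)"
  iss_hash="$(openssl x509 -in "$1" -noout -issuer_hash)"
  [ "$subj_hash" = "$iss_hash" ]
}

# Default client behaviour: try to build a chain to a CA that is
# already present in the system certificate store.
verify_with_system_store() {
  openssl verify "$1" >/dev/null 2>&1
}

# Equivalent of the user confirming the certificate: the certificate
# itself is supplied as a trust anchor.
verify_with_explicit_trust() {
  openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

make_selfsigned
is_self_issued "$CERT" && echo "subject and issuer are identical"
verify_with_system_store "$CERT" || echo "default store: not trusted"
verify_with_explicit_trust "$CERT" && echo "explicit anchor: trusted"
```

A certificate issued by a CA already in the client's store passes the first check without any user action, which is the difference the reply points out.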

