On 09.04.2018 02:37, David Mehler wrote: > what I'm wanting to do is tighten my tls verification options. My > domains each use a different letsencrypt certificate.
Depending on your platform, you could do without any special Roundube configuration. With modern Linux distributions like Gentoo this works: 1. Download LE root CA cert from https://letsencrypt.org/certificates/ 2. Save cert in /usr/local/share/ca-certificates (you might need to create this directory) with '.crt' name suffix. (*) 3. Run 'update-ca-certificates --fresh' as root. 4. Restart your web server. With that, Let's Encrypt is configured as a locally trusted CA for libssl, and in the Roundube configuration only $config['default_host'] = 'ssl://imap.horus-it.com'; is then required, if you match the host name of your certificate. This method benefits any process on your server that uses libssl. -Ralph (*) See 'man 8 update-ca-certificates'. _______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
