Joseph Ward writes:
I'm aware of at least a couple of fallback options:
??? -have a self-signed cert for replication and use the Let's Encrypt
one for IMAP/POP
??? - create firewall rules allowing them to connect to each other over
the public internet so that it can validate the proper cert
?
These are both much less palatable than simply disabling the cert
validation if it's possible.
Maybe instead of disabling the check, appease it by supplying (in
/etc/hosts) an alternate mapping of the FQDN subject of your certificate
to your internal IP:
10.x.x.x your.sync.target
Joseph Tam <jtam.h...@gmail.com>
