[Feature Request]: Allow disable SMTP certificate verification #2572

New Issue

OVERLORD · 2026-02-05T04:32:21+03:00

OVERLORD commented

2026-02-05 04:32:21 +03:00

Originally created by @azhinu on GitHub (Jan 14, 2022).

Describe the feature you'd like

I didn't find any way to use SMTP server with self signed certificate.

It would be great to have an option like 'MAIL_TLS_VERIFICATION=true/false'

To allow insecure certs we need only add folowing to app/Config/mail.php

'stream' => [
   'ssl' => [
       'allow_self_signed' => true,
       'verify_peer' => false,
       'verify_peer_name' => false,
   ],
],

Describe the benefits this feature would bring to BookStack users

Sometimes users need to use self signed certificates and usually services allow to disable TLS verification, but not bookstack.

Additional context

No response

Originally created by @azhinu on GitHub (Jan 14, 2022). ### Describe the feature you'd like I didn't find any way to use SMTP server with self signed certificate. It would be great to have an option like 'MAIL_TLS_VERIFICATION=true/false' To allow insecure certs we need only add folowing to [app/Config/mail.php](https://github.com/BookStackApp/BookStack/blob/master/app/Config/mail.php) ``` 'stream' => [ 'ssl' => [ 'allow_self_signed' => true, 'verify_peer' => false, 'verify_peer_name' => false, ], ], ``` ### Describe the benefits this feature would bring to BookStack users Sometimes users need to use self signed certificates and usually services allow to disable TLS verification, but not bookstack. ### Additional context _No response_

OVERLORD added the 🔨 Feature Request label 2026-02-05 04:32:21 +03:00

OVERLORD closed this issue

2026-02-05 04:32:24 +03:00

OVERLORD commented

2026-02-05 04:32:31 +03:00

@lue30499 commented on GitHub (Apr 1, 2022):

I would like this as well. I have a local server just for email notifs that I just have a self-assigned cert on.

@lue30499 commented on GitHub (Apr 1, 2022): I would like this as well. I have a local server just for email notifs that I just have a self-assigned cert on.

OVERLORD commented

2026-02-05 04:32:35 +03:00

@ssddanbrown commented on GitHub (Apr 1, 2022):

An alternative solution is to add your certificate CA to the host's trusted certificate store, that way I don't think you'd need to then disable additional security options.

@ssddanbrown commented on GitHub (Apr 1, 2022): An alternative solution is to add your certificate CA to the host's trusted certificate store, that way I don't think you'd need to then disable additional security options.

OVERLORD commented

2026-02-05 04:32:43 +03:00

@azhinu commented on GitHub (Apr 2, 2022):

@ssddanbrown it's too complicated for quick local testing purposes.

@azhinu commented on GitHub (Apr 2, 2022): @ssddanbrown it's too complicated for quick local testing purposes.

OVERLORD commented

2026-02-05 04:32:46 +03:00

@MDKAOD commented on GitHub (Dec 20, 2022):

+1 on this request. I can confirm that the merged code works. I modified mail.php and I was able to use smtp. Sendmail was not working and threw an empty request received 220 error. Any chance this will be pushed?

@MDKAOD commented on GitHub (Dec 20, 2022): +1 on this request. I can confirm that the merged code works. I modified mail.php and I was able to use smtp. Sendmail was not working and threw an empty request received 220 error. Any chance this will be pushed?

OVERLORD commented

2026-02-05 04:32:48 +03:00

@rockenren commented on GitHub (Feb 26, 2023):

Upvote for adding this feature as option.

If I remember correctly, smtp without certificate validation worked some versions ago (I have test email from March, 2022 in my mailbox from our bookstack instance, mail server always have self-signed certificate).

@rockenren commented on GitHub (Feb 26, 2023): Upvote for adding this feature as option. If I remember correctly, smtp without certificate validation worked some versions ago (I have test email from March, 2022 in my mailbox from our bookstack instance, mail server always have self-signed certificate).

OVERLORD commented

2026-02-05 04:32:51 +03:00

@a-carvallo commented on GitHub (Mar 21, 2023):

Had this issue after updating bookstack, though the option for ssl didn't work for me since its location seems to have moved with Laravel 9 (https://github.com/laravel/framework/discussions/41385).

I also get @ssddanbrown's concerns in https://github.com/BookStackApp/BookStack/pull/3439 but in my case it's a local SMTP server with no security at all basically.

@a-carvallo commented on GitHub (Mar 21, 2023): Had this issue after updating bookstack, though the option for ssl didn't work for me since its location seems to have moved with Laravel 9 (https://github.com/laravel/framework/discussions/41385). I also get @ssddanbrown's concerns in https://github.com/BookStackApp/BookStack/pull/3439 but in my case it's a local SMTP server with no security at all basically.

OVERLORD commented

2026-02-05 04:32:52 +03:00

@talesrodarte commented on GitHub (Apr 14, 2023):

That functionality would be great. It is always necessary to correct in other ways and that takes time. It is very common for email servers to have self-signed certificates.

@talesrodarte commented on GitHub (Apr 14, 2023): That functionality would be great. It is always necessary to correct in other ways and that takes time. It is very common for email servers to have self-signed certificates.

OVERLORD commented

2026-02-05 04:32:55 +03:00

@ssddanbrown commented on GitHub (Apr 23, 2023):

This has now been added as per of #4126. Will be part of the next feature release.
The setting to add to your .env fill be as follows:

MAIL_VERIFY_SSL=false

@ssddanbrown commented on GitHub (Apr 23, 2023): This has now been added as per of #4126. Will be part of the next feature release. The setting to add to your `.env` fill be as follows: ```bash MAIL_VERIFY_SSL=false ```

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2572