Hi, I have my own TLS certificates and I don’t want Mail-in-a-Box to automatically request or renew certificates via Let’s Encrypt.
Is there a way to disable the Let’s Encrypt integration completely?
Currently, I patched the code by editing:
# in management/ssl_certificates.py
def provision_certificates():
print("Let's Encrypt integration is DISABLED by custom patch.")
return []
Even after the patch, I still receive the system status email showing TLS certificate expiration or Let’s Encrypt-related messages. The patch avoids certbot execution, but the status check logic still seems to run.
Is there a cleaner way to suppress both the certificate request?
I’m running Mail-in-a-Box in a VM within a private network. All TLS certificates are managed externally on a separate public web server that handles Let’s Encrypt issuance and renewal. Because ports 80 and 443 are already in use on the web server, Mail-in-a-Box can’t perform its own ACME challenges.
To make the certificates available, I mount them via NFS into /home/user-data/ssl inside the Mail-in-a-Box VM. However, Mail-in-a-Box still attempts to provision certificates with certbot, which breaks the symlinks or NFS-mounted paths.
To stop that, I patched provision_certificates() in management/ssl_certificates.py to return early. That prevents certbot from running, but I still receive status emails and web UI warnings related to certificate expiration or Let’s Encrypt.
Is there an official or cleaner way to fully disable Let’s Encrypt integration—both provisioning and checks—without disabling TLS support entirely?