Custom Certificate for SMTP Server

Hi everyone,

Recently I upgraded my Seafile installation from version 12 to version 13. It was actually very straightforward, I had no issues at all, and the new features like the thumbnail server and metadata are wonderful.

However, during the process I ran into a problem that I had already faced during the installation of version 12 and was never able to solve: automatic registration of a custom certificate for the private SMTP server.

In my case, I have a private SMTP server in my network, which, among other applications, is used by Seafile. The use of this server requires a certificate issued by a private CA, so naturally right now I’m mounting my certificate in /etc/ssl/certs inside the Seafile container.

My problem comes when trying to make Seafile trust it. With my current setup, I’m running openssl rehash after the container is created so that Seafile trusts the certificate and messaging works without issues, but this is a “handmade” solution and not very replicable.

My question is precisely whether there’s a better way to allow Seafile to trust private certificates, such as: being able to mount custom scripts; some variable to tell it where to look for the SMTP certificate; triggering an automatic rehash, etc.

Thanks in advance

Hi everyone,

I’ve discovered a workaround that resolves the issue.

(I’m not a Python expert, so maybe the explanation is not 100% correct)

Python checks the environment variable **SSL_CERT_FILE** for certificate files (there is also an SSL_CERT_DIR). If this variable is set, Python uses that file to check SSL connections apart from the container trust vault (which is a per-distro thing). Pointing it to my public CA certificate allowed Seafile to trust my private SMTP server, and virtually any other application using a certificate issued by my private CA.

So, the fix itself is to mount your custom CA certificate into the container and set SSL_CERT_FILE pointing to that file.

To do so in a Docker Compose environment (my setup) I did the following:

```yaml
services:
  seafile:
    # …
    volumes:
      # Mount the custom CA certificate (read-only)
      - /path/to/rootCA.crt:/etc/ssl/certs/my-CA.crt:ro

    environment:
      # Tell Python to use the mounted certificate
      - SSL_CERT_FILE=/etc/ssl/certs/my-CA.crt
```

This should work in any Python-based app that must rely on SSL validation of certificates issued by a private CA.

I hope this helps someone else.
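A check to run inside the container after setting the variable, added here as an example and not part of the original posts or of Seafile: it reports which CA file and directory Python's `ssl` module will use and flags a missing or empty file. The function name `trust_report` and the report keys are hypothetical.

```python
import os
import ssl


def trust_report():
    """Report where this Python process will look for trusted CA certificates."""
    paths = ssl.get_default_verify_paths()
    env_file = os.environ.get(paths.openssl_cafile_env)  # SSL_CERT_FILE
    env_dir = os.environ.get(paths.openssl_capath_env)   # SSL_CERT_DIR
    problems = []
    if env_file is not None and not os.path.isfile(env_file):
        problems.append(f"{paths.openssl_cafile_env}={env_file} is not a file (mount missing?)")
    if env_dir is not None and not os.path.isdir(env_dir):
        problems.append(f"{paths.openssl_capath_env}={env_dir} is not a directory")

    # Build a default verifying context, as ssl.create_default_context() does.
    # Only certificates read from the CA *file* are counted here: a hashed CA
    # directory is consulted lazily during a handshake and is not in the stats.
    ctx = ssl.create_default_context()
    loaded = ctx.cert_store_stats()["x509"]
    override_active = env_file is not None and paths.cafile == env_file
    if override_active and loaded == 0:
        problems.append(f"{env_file} contains no PEM certificates (DER-encoded or empty?)")

    return {
        "override_active": override_active,    # True when SSL_CERT_FILE is honoured
        "effective_cafile": paths.cafile,      # None if the file does not exist
        "effective_capath": paths.capath,      # hashed directory, if present
        "certs_loaded_from_file": loaded,
        "problems": problems,
    }


if __name__ == "__main__":
    report = trust_report()
    for key, value in report.items():
        print(f"{key}: {value}")
    raise SystemExit(1 if report["problems"] else 0)
```

The non-zero exit status on a problem makes it usable as a container health check or a post-deploy step.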