diff --git a/CHANGES b/CHANGES
index 20e4b96e2..83db78ccf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1584,4 +1584,5 @@
 * Preserve update backups for 3 weeks
 * Make send test mail functionality work with secondary domain
 * Add support for an external email relay that does not require authentication
+* Add option to accept self-signed certs when using external mail relay
 
diff --git a/src/mail.js b/src/mail.js
index 0d2755958..0afb49de9 100644
--- a/src/mail.js
+++ b/src/mail.js
@@ -180,6 +180,8 @@ function checkSmtpRelay(relay, callback) {
         };
     }
 
+    if (relay.acceptSelfSignedCerts) options.tls = { rejectUnauthorized: false };
+
     var transporter = nodemailer.createTransport(smtpTransport(options));
 
     transporter.verify(function(error) {
diff --git a/src/routes/mail.js b/src/routes/mail.js
index a20b800ac..8cf28e000 100644
--- a/src/routes/mail.js
+++ b/src/routes/mail.js
@@ -170,6 +170,7 @@ function setMailRelay(req, res, next) {
     if ('port' in req.body && typeof req.body.port !== 'number') return next(new HttpError(400, 'port must be a string'));
     if ('username' in req.body && typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be a string'));
     if ('password' in req.body && typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be a string'));
+    if ('acceptSelfSignedCerts' in req.body && typeof req.body.acceptSelfSignedCerts !== 'boolean') return next(new HttpError(400, 'acceptSelfSignedCerts must be a boolean'));
 
     mail.setMailRelay(req.params.domain, req.body, function (error) {
         if (error && error.reason === MailError.NOT_FOUND) return next(new HttpError(404, error.message));