diff --git a/doc/mod/notification-email.md b/doc/mod/notification-email.md
index c45e917c..839a5b5a 100644
--- a/doc/mod/notification-email.md
+++ b/doc/mod/notification-email.md
@@ -37,7 +37,8 @@ Also make sure the device has correct time configured, best is to set up
 the ntp client.
 
 Then edit `global-config-overlay`, add `EmailGeneralTo` with a valid
-recipient address. Finally reload the configuration.
+recipient address. Optionally add `EmailServerCertificate` if you have
+certificate verification enabled. Finally reload the configuration.
 
 > ℹ️ **Info**: Copy relevant configuration from
 > [`global-config`](../../global-config.rsc) (the one without `-overlay`) to
diff --git a/global-config.rsc b/global-config.rsc
index 1425764c..43e09bbf 100644
--- a/global-config.rsc
+++ b/global-config.rsc
@@ -31,6 +31,7 @@
 :global EmailGeneralCc "";
 #:global EmailGeneralTo "mail@example.com";
 #:global EmailGeneralCc "another@example.com,third@example.com";
+:global EmailServerCertificate "";
 
 # You can send Telegram notifications. Register a bot
 # and add the token and chat ids here, then install the module:
diff --git a/mod/notification-email.rsc b/mod/notification-email.rsc
index b0ac77ac..b6288821 100644
--- a/mod/notification-email.rsc
+++ b/mod/notification-email.rsc
@@ -37,7 +37,9 @@
 # flush e-mail queue
 :set FlushEmailQueue do={ :onerror Err {
   :global EmailQueue;
+  :global EmailServerCertificate;
 
+  :global CertificateAvailable;
   :global EitherOr;
   :global EMailGenerateFrom;
   :global FileExists;
@@ -90,6 +92,14 @@
     :return false;
   }
 
+  :if (([ /tool/e-mail/get ]->"certificate-verification") ~ "^yes" && \
+       [ :len $EmailServerCertificate ] > 0) do={
+    :if ([ $CertificateAvailable $EmailServerCertificate "email" ] = false) do={
+      $LogPrint warning $0 ("Downloading required certificate failed.");
+      :return false;
+    }
+  }
+
   /system/scheduler/set interval=($QueueLen . "m") comment="Sending..." \
     [ find where name="_FlushEmailQueue" ];