Self signed certificate and --insecure-tls parameter

I am running a restic-server with a self signed certificate. Is my following assumption correct?

I need to use the --insecure-tls parameter on the sender side. Else one gets the error message: remote error: tls: bad certificate

BTW, thank you all for this vey nice project!

You have to use that option/parameter/flag with the restic binary unless you have added your own Certificate Authority into the list of trusted CAs on the system where you run restic. So you have two options, basically.

Note that you can use e.g. Let’s Encrypt to provide certificates for your rest-server (it’s not called restic-server), instead of self-signed ones. But that’s really only useful for publically facing servers.

Thank you for your answer.