diff --git a/core/admin/mailu/utils.py b/core/admin/mailu/utils.py
index 2068ad9a..afecdfef 100644
--- a/core/admin/mailu/utils.py
+++ b/core/admin/mailu/utils.py
@@ -58,7 +58,7 @@ def has_dane_record(domain, timeout=10):
         # we will receive this non-specific exception. The safe behaviour is to
         # accept to defer the email.
         flask.current_app.logger.warn(f'Unable to lookup the TLSA record for {domain}. Is the DNSSEC zone okay on https://dnsviz.net/d/{domain}/dnssec/?')
-        return app.config['DEFER_ON_TLS_ERROR']
+        return flask.current_app.config['DEFER_ON_TLS_ERROR']
     except dns.exception.Timeout:
         flask.current_app.logger.warn(f'Timeout while resolving the TLSA record for {domain} ({timeout}s).')
     except dns.resolver.NXDOMAIN:
diff --git a/towncrier/newsfragments/1990.bugfix b/towncrier/newsfragments/1990.bugfix
new file mode 100644
index 00000000..394fc05b
--- /dev/null
+++ b/towncrier/newsfragments/1990.bugfix
@@ -0,0 +1 @@
+Fixed roundcube sso login not working.
diff --git a/webmails/roundcube/Dockerfile b/webmails/roundcube/Dockerfile
index f4399f70..df83bc83 100644
--- a/webmails/roundcube/Dockerfile
+++ b/webmails/roundcube/Dockerfile
@@ -39,7 +39,7 @@ RUN apt-get update && apt-get install -y \
  && sed -i 's,^php_value.*upload_max_filesize,#&,g' .htaccess \
  && chown -R www-data: logs temp \
  && rm -rf /var/lib/apt/lists \
- && a2enmod rewrite deflate expires headers
+ && a2enmod deflate expires headers
 
 COPY php.ini /php.ini
 COPY config.inc.php /var/www/html/config/