Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

Blog Certificate updated and Let’s Encrypt Update

Daniel Nashed  8 August 2017 11:30:13
My certificate expired after 90 days because I did not track it. And the Let's Encrypt original client configuration did not work any more when I was looking into renewal today.
The client was Python-based, and there is a newer client, https://certbot.eff.org/, which is officially recommended by Let's Encrypt.

It's still complicated to use and you need to have Python installed.
But since I first implemented it, there are many other ACME clients that properly integrate with Let's Encrypt (https://letsencrypt.org/docs/client-options/).
There are even two simple shell-script-based clients which both do not require root permission and work in combination with Domino.

I have installed the "getssl" script (https://github.com/srvrco/getssl) and it was quite easy to implement, even for a server with multiple certificates (SAN cert).

And I also updated my shell script to automatically generate a Domino keyring file now with the getssl script.
But it still needs a manual restart of all server tasks that use the certificate. So it is not a completely automated process yet.

The getssl script works with the Domino html root and port 80.
With some additional checks I could potentially automate certificate updates on my server completely.
For now there is a manual step required.

Is anyone using Let's Encrypt Certificates with Domino? Which ACME client are you using?

Let's Encrypt Certificates are a good alternative if certificate updates are installed automatically.
Right now it's a simple shell script. I could polish it and make it available if there is demand for it.

What do you think? Any feedback is welcome!

-- Daniel
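
The kind of pre-flight check an unattended renewal needs before a new certificate is converted and server tasks are restarted, shown as an added example (not the author's script and not part of getssl): it confirms that the PEM file still has enough lifetime left and that it covers every expected host name of a SAN certificate. The function names, host names, file names and the 30-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks on a renewed PEM certificate before it is
# turned into a keyring. Paths, host names and thresholds are assumptions.

# Succeeds if the certificate is still valid MIN_DAYS from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Succeeds if every host name after the cert path is listed as a DNS SAN.
cert_covers_hosts() {
    cert=$1; shift
    sans=$(openssl x509 -in "$cert" -noout -text |
           grep -A1 'Subject Alternative Name' | tail -n 1 |
           tr ',' '\n' | sed -n 's/^ *DNS://p')
    for host in "$@"; do
        printf '%s\n' "$sans" | grep -Fxq "$host" || return 1
    done
}

# Prints unreadable, wrong-names, renew or ok for: CERT MIN_DAYS HOST...
cert_status() {
    cert=$1; min_days=$2; shift 2
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return; }
    cert_covers_hosts "$cert" "$@" || { echo wrong-names; return; }
    cert_valid_for_days "$cert" "$min_days" || { echo renew; return; }
    echo ok
}

# Constructed sample input: a throwaway self-signed SAN certificate.
# Arguments: OUTPUT_DIR DAYS; needs OpenSSL 1.1.1+ for -addext.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -keyout "$1/demo.key" -out "$1/demo.pem" -subj "/CN=blog.example.test" \
        -addext "subjectAltName=DNS:blog.example.test,DNS:www.example.test" \
        >/dev/null 2>&1
}

# Usage: script CERT MIN_DAYS HOST...
if [ $# -ge 3 ]; then cert_status "$@"; fi
```

Run from cron, a result other than `ok` is the signal to trigger a renewal or raise an alert, so a 90-day certificate does not lapse unnoticed.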



