Blog Certificate updated and Let’s Encrypt Update
Daniel Nashed – 8 August 2017 09:30:13
My certificate expired after 90 days because I did not track it. And the original Let's Encrypt client configuration did not work any more when I looked into renewal today. The client was Python-based and there is a newer client, https://certbot.eff.org/, which is officially recommended by Let's Encrypt.
It's still complicated to use and you need to have Python installed.
But since I first implemented it, many other ACME clients have appeared that properly integrate with Let's Encrypt: https://letsencrypt.org/docs/client-options/.
There are even two simple shell-script-based clients, both of which do not require root permission and work in combination with Domino.
I have installed the "getssl" script (https://github.com/srvrco/getssl) and it was quite easy to implement, even for a server with multiple certificates (SAN cert).
And I also updated my shell script to automatically generate a Domino keyring file now with the getssl script.
But it still needs a manual restart of all server tasks that use the certificate. So it is not a completely automated process yet.
The getssl script works with the Domino html root and port 80.
With some additional checks I could potentially automate certificate updates on my server completely.
For now there is a manual step required.
Is anyone using Let's Encrypt Certificates with Domino? Which ACME client are you using?
Let's Encrypt certificates are a good alternative if certificate updates are installed automatically.
Right now it's a simple shell script. I could polish it and make it available if there is demand for it.
What do you think? Any feedback is welcome!
-- Daniel
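
One way to make the "additional checks" and the manual restart step from the post verifiable, as an added example (not Daniel's script and not part of getssl): shell functions that use the openssl command-line tool to report whether the served certificate is close to expiry and whether the server still presents the old certificate after a renewal. The function names, file arguments, host name and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example; function names, file paths and the 30-day default are assumptions.
# Requires the openssl command-line tool.

# Print the SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed if the certificate in FILE expires within DAYS days.
# An unreadable file also counts as "expiring", so the check fails safe.
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Write the leaf certificate that HOST:PORT currently presents as PEM.
fetch_served_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509
}

# Succeed if the renewed certificate on disk differs from the one being
# served, i.e. the tasks using the keyring have not been restarted yet.
restart_pending() {
    [ "$(cert_fingerprint "$1")" != "$(cert_fingerprint "$2")" ]
}

# cert_status RENEWED_PEM SERVED_PEM [DAYS]
# Prints RESTART_PENDING, RENEW_DUE or OK.
cert_status() {
    if restart_pending "$1" "$2"; then
        echo RESTART_PENDING
    elif cert_expires_within "$2" "${3:-30}"; then
        echo RENEW_DUE
    else
        echo OK
    fi
}

# Typical use from cron (host and paths are placeholders):
#   fetch_served_cert www.example.com 443 > /tmp/served.pem
#   cert_status /path/to/renewed.crt /tmp/served.pem 30
```

Run from cron, a result other than OK can trigger a mail or the restart itself, which closes the gap that let the 90-day certificate expire unnoticed.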