Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed


Blog Certificate updated and Let’s Encrypt Update

Daniel Nashed  8 August 2017 09:30:13
My certificate expired after 90 days because I did not track it. And the Let's Encrypt original client configuration did not work any more when I was looking into renewal today.
The client was Python based and there is a newer client --> which is officially recommended by Let's Encrypt.

It's still complicated to use and you need to have Python installed.

But since I first implemented it there are many other ACME clients that properly integrate with Let's Encrypt ->
There are even two simple shell script based clients which both do not require root permission and work in combination with Domino.

I have installed the "getssl" script ( and it was quite easy to implement, even for a server with multiple certificates (SAN cert).

And I also updated my shell script to automatically generate a Domino keyring file now with the getssl script.

But it still needs a manual restart of all servertasks that use the certificate. So it is not a completely automated process yet.

The gettssl script works with the Domino html root and port 80.  

With some additional checks I could potentially automate certificate updates on my server completely.

For now there is a manual step required.

Is anyone using Let's Encrypt Certificates with Domino? Which ACME client are you using?

Let's Encrypt Certificates are a good alternative if certificate updates would be automatically installed.

Right now it's a simple shell script. I could polish it and make it available if there is demand for it.

What do you think? Any feedback is welcome!

-- Daniel



    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]