Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed

New Nomad Server features -- ACME HTTP-01 challenge support & HTTP redirects via port 9080

Daniel Nashed – 6 July 2024 09:34:50

The latest Nomad Server versions include two new features that were introduced without much notice.
I just got a question from a partner asking why Nomad Server now binds port 9080 in addition to port 9443 and the internal communication port (loopback only).

The port might be used by other applications such as IBM Spectrum Protect (TDP), which was the problem in this customer case.
It turns out the TDP Java-based restore GUI does not work in combination with Nomad Server unless the port is changed or disabled.

Nomad Server listens on port 9080 by default for HTTP redirects

The port is intended to redirect HTTP requests to HTTPS and is additional functionality not directly needed by Nomad Server.

I would have wished this configuration were disabled by default and only enabled if needed.
It would need additional configuration, because it is mainly intended to be used behind a reverse proxy.

The port can be changed, or disabled completely by setting the port to 0.

For details check this documentation link:

Nomad Server can respond to Domino CertMgr ACME HTTP-01 challenges

In a configuration where CertMgr runs behind a Nomad Server and neither HTTP requests nor HTTP requests redirected to HTTPS are possible, the Nomad Server can handle ACME HTTP-01 challenges directly.

This configuration does not even need the HTTP task running on the Domino server. The Nomad Server reads the challenge response directly from certstore.nsf.

Testing the configuration

There is an example using the CertMgr diagnostic challenge described here -->
After adding the challenge to certstore.nsf manually, the challenge can be checked with a curl command or any other tool (e.g. a web browser).

curl -L -v

*   Trying
* Connected to ( port 9080
> GET /.well-known/acme-challenge/DOMINO-CertMgr-DiagChallenge-HTTP01 HTTP/1.1
> Host:
> User-Agent: curl/8.7.1
> Accept: */*

* Request completely sent off
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Date: Fri, 05 Jul 2024 12:14:54 GMT
< Connection: keep-alive
< Keep-Alive: timeout=5
< Transfer-Encoding: chunked

DOMINO-ACME-PROTOCOL-CHALLENGE-DATA-OK* Connection #0 to host left intact
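
The manual curl check above can be scripted so it fails loudly when the port is closed or when something other than the diagnostic token comes back. This is an added example, not part of the original post or of HCL's tooling; the function names and the host in the usage comment are assumptions, while the challenge path and expected token are the ones shown in the curl output above.

```shell
#!/bin/sh
# Added example: scripted version of the diagnostic HTTP-01 check.
# Path and token are taken from the curl output in the post.
CHALLENGE_PATH="/.well-known/acme-challenge/DOMINO-CertMgr-DiagChallenge-HTTP01"
EXPECTED_BODY="DOMINO-ACME-PROTOCOL-CHALLENGE-DATA-OK"

# evaluate_challenge HTTP_CODE BODY
# Returns 0 only for HTTP 200 with exactly the expected token as body.
evaluate_challenge() {
    code=$1
    # Tolerate a trailing CR/LF, but nothing else around the token.
    body=$(printf '%s' "$2" | tr -d '\r\n')
    case "$code" in
        200) ;;
        000) echo "FAIL: no HTTP response (port closed, filtered or disabled?)"
             return 2 ;;
        *)   echo "FAIL: HTTP $code"
             return 4 ;;
    esac
    if [ "$body" = "$EXPECTED_BODY" ]; then
        echo "OK: diagnostic challenge served"
        return 0
    fi
    # A 200 with other content usually means something else answered
    # (e.g. another application bound to the same port).
    echo "FAIL: HTTP 200 but unexpected body"
    return 5
}

# check_challenge BASE_URL
# Example: check_challenge http://nomad.example.test:9080  (placeholder host)
check_challenge() {
    # -w appends the final status code on its own line; curl prints 000
    # when no HTTP response was received at all.
    out=$(curl -sS -L --max-time 10 -w '\n%{http_code}' \
          "$1$CHALLENGE_PATH" 2>/dev/null) || true
    code=$(printf '%s\n' "$out" | tail -n 1)
    body=$(printf '%s\n' "$out" | sed '$d')
    evaluate_challenge "$code" "$body"
}

# Run the live check only when a base URL is passed on the command line.
if [ "$#" -gt 0 ]; then
    check_challenge "$1"
fi
```

The exact-match comparison matters here: a different service answering on port 9080 with its own 200 page is reported as a failure rather than passing silently.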
