Troubleshooting Domino Let’s Encrypt/ACME HTTP-01 challenges
Daniel Nashed – 27 September 2021 05:39:20
CertMgr ACME challenges that confirm a web server's identity require an inbound HTTP connection on port 80 to the server that the DNS entry of the server requesting the new certificate points to.
Surprisingly, this causes a lot of issues, so I added a troubleshooting document to the GitHub project: https://github.com/HCL-TECH-SOFTWARE/domino-cert-manager/blob/main/docs/troubleshooting_acme_challenges.md
You can store a test challenge in certstore.nsf which can be queried with a browser, curl and other tools for troubleshooting.
The document describes the requirements in detail and provides troubleshooting tips.
If you are running into issues with ACME HTTP-01 challenges, you should take a look at this document before calling HCL support or asking your local business partner!
-- Daniel
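A preflight check for the requirements described above, as an added example that is not part of the original post or the domino-cert-manager project: it resolves the host name, requests the challenge URL on the HTTP port and reports the first stage that fails. The token, the expected content and the local stand-in server are constructed for the demo; substitute the values of your own test challenge.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ACME_PREFIX = "/.well-known/acme-challenge/"  # HTTP-01 path defined by RFC 8555

def check_http01(host, token, expected, port=80, timeout=5.0):
    """Return (stage, detail): stage is 'ok' or the first step that failed."""
    try:
        addrs = sorted({i[4][0] for i in socket.getaddrinfo(host, port)})
    except socket.gaierror as exc:
        return "dns", f"{host} does not resolve: {exc}"
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", ACME_PREFIX + token)
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace").strip()
    except (OSError, http.client.HTTPException) as exc:  # refused, timed out or reset
        return "connect", f"no HTTP answer from {addrs} on port {port}: {exc}"
    finally:
        conn.close()
    if resp.status != 200:  # redirects are reported here, not followed
        return "status", f"HTTP {resp.status} {resp.getheader('Location') or ''}".strip()
    if body != expected:
        return "body", f"unexpected content: {body[:60]!r}"
    return "ok", f"challenge served, {host} resolves to {addrs}"

class ConstructedHandler(BaseHTTPRequestHandler):  # stand-in server, not Domino
    def do_GET(self):
        found = self.path == ACME_PREFIX + "test-token"
        payload = b"test-token.constructed\n" if found else b"no such file"
        self.send_response(200 if found else 404)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)
    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    srv = HTTPServer(("127.0.0.1", 0), ConstructedHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    port = srv.server_address[1]
    served = check_http01("127.0.0.1", "test-token", "test-token.constructed", port)
    missing = check_http01("127.0.0.1", "other-token", "x", port)
    srv.shutdown()
    srv.server_close()  # the port now refuses connections, like a stopped HTTP task
    stopped = check_http01("127.0.0.1", "test-token", "x", port, timeout=2)
    return served[0], missing[0], stopped[0]
```

Run `check_http01` from a machine outside your network against the public host name, because the ACME server connects inbound from the internet.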
- Comments [1]
1 Kevin Johnston 27.09.2021 14:56:58 Troubleshooting Domino Let’s Encrypt/ACME HTTP-01 challenges
I initially had some issues with this process, but after some expert guidance it became clear that I had made some poor choices in the initial setup of Domino many years ago (just because you CAN do something doesn't make it a good idea).
Having checked through the server log, it became clear that a lot of the issues had left clues that I had ignored, as on the whole the servers worked. My biggest failure was not noticing that HTTP started but then after a few minutes it stopped, which meant the challenge could not work.
End result was a much more logical structure to the whole Domino setup and all the work I have done since has gone by the book.