Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

 

Daniel Nashed

 

Troubleshooting Domino Let’s Encrypt/ACME HTTP-01 challenges

Daniel Nashed  27 September 2021 05:39:20

CertMgr ACME HTTP-01 challenges confirm a web server's identity. They require an inbound HTTP connection on port 80 to the server that the DNS entry of the host requesting a new certificate points to.
Surprisingly, this causes a lot of issues, so I added a troubleshooting document to the GitHub project:
https://github.com/HCL-TECH-SOFTWARE/domino-cert-manager/blob/main/docs/troubleshooting_acme_challenges.md

You can store a test challenge in certstore.nsf which can be queried with a browser, curl and other tools for troubleshooting.

The document describes the requirements in detail and provides troubleshooting tips.


If you are running into issues with ACME HTTP-01 challenges, you should take a look at this document before calling HCL support or asking your local business partner!


-- Daniel
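
The kind of check you would otherwise do by hand with a browser or curl against a stored test challenge, as an added example (not code from the CertMgr project or its troubleshooting document): it requests the challenge URL over plain HTTP and names the failure class. The function name, the verdict strings and the `port` parameter are assumptions made for this sketch; the token and expected body are whatever test challenge you stored.

```python
"""Pre-flight check for an HTTP-01 style request (added example)."""
import http.client
import socket
import sys

ACME_PREFIX = "/.well-known/acme-challenge/"  # path fixed by RFC 8555, section 8.3
REDIRECTS = (301, 302, 303, 307, 308)


def check_http01(host, token, expected, port=80, timeout=5.0):
    """Fetch the challenge URL over plain HTTP and return (verdict, detail).

    token and expected are the test challenge you stored yourself; port is a
    parameter only so the function can be exercised locally, ACME uses 80.
    """
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", str(exc)
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", ACME_PREFIX + token)
        resp = conn.getresponse()
        body = resp.read(4096).decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "refused", "nothing is listening; is the HTTP task still running?"
    except (socket.timeout, TimeoutError):
        return "timeout", "no answer; check firewall, NAT and port forwarding"
    except (OSError, http.client.HTTPException) as exc:
        return "error", str(exc)
    finally:
        conn.close()
    if resp.status in REDIRECTS:
        # Report the target so it can be checked as well.
        return "redirect", resp.getheader("Location", "")
    if resp.status != 200:
        return "bad_status", str(resp.status)
    if body != expected:
        return "mismatch", body[:80]
    return "ok", body


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: http01_check.py <hostname> <token> <expected-body>")
    verdict, detail = check_http01(*sys.argv[1:4])
    print(f"{verdict}: {detail}")
    sys.exit(0 if verdict == "ok" else 1)
```

Run it from a machine outside your own network, because the inbound connection for the real challenge arrives from the internet and a check from the LAN does not exercise the firewall or NAT path.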

Comments

1. Kevin Johnston  27.09.2021 14:56:58  Troubleshooting Domino Let’s Encrypt/ACME HTTP-01 challenges

I initially had some issues with this process, but after some expert guidance it became clear that I had made some poor choices in the initial setup of Domino many years ago (just because you CAN do something doesn't make it a good idea).

Having checked through the server log, it became clear that a lot of the issues had left clues that I had ignored, as on the whole the servers worked. My biggest failure was not noticing that HTTP started but then after a few minutes it stopped, which meant the challenge could not work.

End result was a much more logical structure to the whole Domino setup and all the work I have done since has gone by the book.
