Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

 

Daniel Nashed

 

Blog Certificate updated and Let’s Encrypt Update

Daniel Nashed  8 August 2017 09:30:13
My certificate expired after 90 days because I did not track it. And the Let's Encrypt original client configuration did not work any more when I was looking into renewal today.
The client was Python based and there is a newer client, https://certbot.eff.org/, which is officially recommended by Let's Encrypt.

It's still complicated to use and you need to have Python installed.

But since I first implemented it there are many other ACME clients that properly integrate with Let's Encrypt (https://letsencrypt.org/docs/client-options/).
There are even two simple shell script based clients which both do not require root permission and work in combination with Domino.


I have installed the "getssl" script (https://github.com/srvrco/getssl) and it was quite easy to implement, even for a server with multiple certificates (SAN cert).

And I also updated my shell script to automatically generate a Domino keyring file now with the getssl script.

But it still needs a manual restart of all servertasks that use the certificate. So it is not a completely automated process yet.


The getssl script works with the Domino html root and port 80.

With some additional checks I could potentially automate certificate updates on my server completely.

For now there is a manual step required.


Is anyone using Let's Encrypt Certificates with Domino? Which ACME client are you using?



Let's Encrypt Certificates are a good alternative if certificate updates are installed automatically.

Right now it's a simple shell script. I could polish it and make it available if there is demand for it.


What do you think? Any feedback is welcome!


-- Daniel
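
The post traces the outage to an untracked 90-day expiry and mentions additional checks as the step towards full automation. One such check, as an added example that is not the author's script: classify a PEM certificate by remaining lifetime with `openssl x509 -checkend`, failing closed on unreadable files. The 30-day threshold, the function names and the file paths are assumptions.

```sh
#!/bin/sh
# Added example (not the blog author's script).
# Return codes: 0 = ok, 1 = renew soon, 2 = already expired, 3 = missing/unparseable.
# RENEW_DAYS and all file paths are assumptions, not values from the post.

RENEW_DAYS="${RENEW_DAYS:-30}"

cert_status() {
    cert="$1"
    days="${2:-$RENEW_DAYS}"

    # Fail closed: a missing or garbled file must not look like a healthy cert.
    [ -r "$cert" ] || return 3
    openssl x509 -noout -in "$cert" >/dev/null 2>&1 || return 3

    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1 || return 2
    openssl x509 -noout -checkend "$((days * 86400))" -in "$cert" >/dev/null 2>&1 || return 1
    return 0
}

# Constructed sample input: a throwaway self-signed certificate valid for $2 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.invalid" \
        -days "$2" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Human-readable wrapper, suitable for a daily cron job that mails its output.
report() {
    rc=0
    cert_status "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "OK: $1 is valid for more than $2 days" ;;
        1) echo "RENEW: $1 expires within $2 days" ;;
        2) echo "EXPIRED: $1" ;;
        *) echo "ERROR: $1 is missing or not a PEM certificate" ;;
    esac
    return "$rc"
}

# Run as a script: ./certcheck.sh /path/to/cert.pem [days]
if [ "$#" -gt 0 ]; then
    report "$1" "${2:-$RENEW_DAYS}"
fi
```

Because the exit code distinguishes "renew soon" from "unreadable", a wrapper can trigger the ACME client only on code 1 and raise an alert on codes 2 and 3.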


