202 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
Latest 7 Posts
Composing With Docker
Thu, Nov 2nd 2017 8
Hacktoberfest and More
Tue, Oct 24th 2017 7
Go Evergreen
Tue, Oct 17th 2017 13
Change is in the Air
Fri, Sep 1st 2017 10
Open Source Contribution
Fri, Jun 16th 2017 6
Docker Quick Tips
Fri, Apr 28th 2017 4
Notes in 9: Dev Tools Grab Bg
Tue, Apr 4th 2017 6
Top 10
Building Java Objects From JSON
Thu, Jan 22nd 2015 15
Go Evergreen
Tue, Oct 17th 2017 13
Task Runners pt.4
Thu, Dec 17th 2015 11
REST is Best
Wed, Sep 17th 2014 10
Eric and the Quest for More Coffee, pt.2
Fri, Jul 15th 2016 10
Git Squash
Thu, Oct 20th 2016 10
Change is in the Air
Fri, Sep 1st 2017 10
Everything Old is New Again
Mon, Oct 24th 2016 9
Notes in 9: Docker + SonarQube
Wed, Feb 24th 2016 8
Scripting Server Upgrades
Fri, Nov 11th 2016 8

Manually Renewing HTTPS w/ Let's Encrypt
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious


A while back, I rolled a personal project, which is a Node app, to Bluemix for lightweight use. I managed to make use of Let’s Encrypt for the HTTPS certificate, but only after realizing that there was a bit of a manual aspect to it that is the antithesis of an automated script for such things. Ultimately, after finding some information in a blog post form Marky Roden (of all people), I was able to get moving. The only downside wound up being that time passed, and it came time to renew the certificate before my 90 days was up. Thankfully, I had done some minor documenting of the steps I took, which made updating the HTTPS certificate a bit easier. What follows is some of how I configured my application for easier implementation.

The .well-known/acme-challenge Route

As part of the validation process, the Let’s Encrypt / certbot script needs to “call home” to verify your server is who it claims. The exact command I ran with certbot-auto followed the format of:

*note: you can add --dry-run to the end to… perform a “dry run”

Here’s what it looks like when I ran the certbot-auto script:

Marky’s example shows handle established in his Node + Express app, providing a response on the given relative path of <domain>/.well-known/acme-challenge/<uuid-string>. This is something that would require manual updating of the code base, so it’s naturally the first thing I removed. This was a perfect job for a pair of environment variables, in my opinion. I implemented it in the code as such:

This means that so long as my Node app can resove the LETS_ENCRYPT_ROUTE and LETS_ENCRYPT_VERIFICATION values accordingly, I’m in business. This is done rather easily via the “Environment Variables” page of my application’s dashboard, in the “user defined” tab.

Once this is all done, you can replace the certificates for the custom domain with the freshly generated certificates. I added my certificate files (.pem) as the screen shot shows and it looks good in both the Bluemix dashboard and my Chrome inspector.

Sequence of Events

Generally speaking, the order of events to take are:

  • ensure you have the certbot script on the machine you’ll be generating the certificates on
  • ensure your custom domain is set up
  • log into your Bluemix dashboard and go to your environment variables to update with values from the certbot script
  • run the certbot script, obtain the values for the URL path and the response value
  • enter those as the corresponding environment variables (allow for the app to restart, as needed)
  • continue the certbot script, which should now successfully validate

One Hiccup

A strange hiccup I encountered was what I believe to be a false positive in regards to my deletion of the existing (old) certificate. After a few tries, or a minor passage of time, it all rectified itself.


Since Let’s Encrypt is now by all regards widely successful, with over 5 million certificates issued, I can’t help but wonder how easy this should be on any modern PaaS, such as Bluemix. Gone are the days of needing to pay lots of money for an HTTPS certificate, so the automation, configuration, and management of HTTPS certificates on behalf of the user should be a minor formality, not to mention useful. Do note, Bluemix does have a wild card HTTPS certificate which applies to any of its .mybluemix.net addresses, so this is unique to custom domains.

One Last Call For MWLUG

MWLUG 2016 is nearly here. If you’re able to, I really recommend coming to the event, as there are a great many people with a passion for what they do, who are looking to share. It’s been a great event each time I’ve had the pleasure to attend and I’m glad to be going back, and speaking.

You can find me on Friday, the 19th of August, in Ballroom D, from 1:30pm - 2:30pm. It’s my aim to expand a bit on the theme I’ve settled on over the last year, which is a combination of best practices for stability, maintenance, and documentation, along with the incorporation of front-end tooling to enhance the developer’s workflow (full abstract below) and ease the task of multi-platform development capabilities. I hope to see you there! :beers:

BP101: A Modernized Developer’s Workflow with Domino/XPages

Watch, listen, and feel free to follow-along with a full-stack approach to how to build better applications with Domino/XPages, MVC principles in action in the back-end, RESTful API creation, along with advanced framework implementation in the front-end, with advanced tooling to help automate our coding process, unit tests, and even the ability to mock the back-end for front-end development outside of Domino Designer. This session seeks to help developers advance their workflow and produce higher quality, more performant and optimized applications with the Domino server they already have and the modern front-end tooling they want to incorporate.

Jul 27, 2016
6 hits

Recent Blog Posts
Composing With Docker
Thu, Nov 2nd 2017 2:00p   Eric McCormick
Background About a year ago, I blogged on automating server upgrades with Docker and a BASH script. This met the needs I had at the time, and worked itself out to be pretty stable. But, since I think about such things and always question my preconceptions, I went down a path of creating a Docker compose config file, something I wouldn’t have had to create from scratch by waiting a little while as one appeared as an example from GitLab. As it turns it, it was a great learning experience regardl
Hacktoberfest and More
Tue, Oct 24th 2017 2:00p   Eric McCormick
Hacktoberfest 2017 October brings many good things with it. It’s the beginning of autumnal colors here, along with some yard raking in my case. It also brings with it not just Oktoberfest, but Hacktoberfest! Hacktoberfest 2017 Hacktoberfest is a month long open source support initiative, sponsored by Digital Ocean, partnering with GitHub. It’s meant to promote open source involvement and contribution. As added incentive, if you meet the criteria, you can get a free t-shirt (and stickers).
Go Evergreen
Tue, Oct 17th 2017 4:00p   Eric McCormick
Happy 🎂 Day IE 11! On the 17th of October in 2013, Internet Explorer 11 was released from Microsoft. That means that as of today, this popular* browser is now four years old and, with all respect to it, it really ought to go. Good day sir. I said good day! Evergreen Browsers What makes a browser, or any software for that matter, evergreen? Well, the basic requirements for a browser, or any piece of software for that matter, are specifically the support of automatic updates, that bring in:
Change is in the Air
Fri, Sep 1st 2017 1:00p   Eric McCormick
I’m Back What Can I Say? In Case You Missed It If you find yourself asking “where was Eric?”, this should summarize it all: Instead of trying to do everything all summer, I tend to take a break from blogging and a lot of open source endeavors over the summer. It means I can focus on family time along with yard and house projects. Ah... Summer That’s all paid off and, with fall fast approaching, I’ve found myself wanting to start those things back up; ramping up into winter when
Open Source Contribution
Fri, Jun 16th 2017 5:00p   Eric McCormick
Intro It’s time to clear some of the backlog. I started this post a few months back and it should probably be sent on its way to clear the pile of drafts I haven’t finished yet… 🤔 I have a bit of a passion for open source software. My preferred distribution of Linux has been Ubuntu since 4.10, the Warty Warthog (I was even a minor contributor on a short lived, wildly popular project that aimed at improving the Ubuntu experience early on), I’ve enjoyed most open source projects I’ve
Docker Quick Tips
Fri, Apr 28th 2017 3:00p   Eric McCormick
Docker If you have been living under a rock, Docker is pretty much amazing. If you haven’t been living under a rock, you may be getting used to the idea of Docker, but still have the occasional question. I’ve found myself using Docker in increasing amounts and complexity over the last year or so. I’ve recently decided to start recording some of the tasks I’ve found useful, some of which may be less familiar to a beginner. If you’re so inclined, check out the playlist, embedded here.
Notes in 9: Dev Tools Grab Bg
Tue, Apr 4th 2017 1:00p   Eric McCormick
Intro I’m on Notes in 9 again, with a “grab bag” of a couple of tools I’ve put together recently that may be of a varying degree of useful for other Domino + XPages developers. You don’t need these to do development, but for the right person, they may help with their development workflow. Also of note, with the upgrade to Swiper with the FP8 release of Notes + Domino Designer, the limitations previously mentioned are no longer there! This means that my second tool I talked about, node-
Custom JSON Serialization With GSON
Mon, Jan 23rd 2017 2:00p   Eric McCormick
Intro Here’s a curious one, in which I found myself with a limitation of not being able to output JSON with scientific notation values. wait, what? If you’re wondering why that is, since both JSON and JavaScript allow scientific notation of number values, you are absolutely correct and that’s a great question. The strange thing was that I found myself outputting perfectly valid JSON to be consumed by something specific which didn’t allow scientific notation. I’m not entirely sure wh
Recapping 2016
Mon, Jan 16th 2017 3:00p   Eric McCormick
Intro Per usual, I’ve had a little break between things and decided to catch up with a bit of a summary of some recent things that each didn’t necessitate their own post. 2017 IBM Champion For starters, I’m honored to be named an IBM Champion in Collaboration Solutions (/ Social Business) for the third time. This would be a hat trick in (ice) hockey 🏒. I’m happy to be recognized with a group of people, developers and more, who are passionate about both their work and the plat
Scripting Server Upgrades
Fri, Nov 11th 2016 12:00a   Eric McCormick
Intro This one might be slight departure from my usual, but those that have followed my blogging this past year will have noticed a bit more of a leaning towards DevOps in some of my posts. This echoes a lot of what I’ve been concluding as increasingly a necessary part of development; that we need to consider a picture large enough to encompass the themes surrounding development functions and, like any good developer (DRY ~= “lazy”), automate the heck out of it. Overview I had previously

Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition