#dominoforever | Product Ideas Portal

 

Welcome to the #dominoforever Product Ideas Forum! This is the place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are implemented and when.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Include Support for Let's Encrypt

see https://midpoints.de/de-solutions-LE4D

  • Guest
  • Jul 14 2018
  • Planning to implement
  • Guest commented
    17 Sep 12:32

    Regarding DNS APIs:

    I currently use a basic Shell-Script to renew the Let's Encrypt Certificates on our Linux Domino-Servers which leverages

    https://github.com/acmesh-official/acme.sh/wiki &

    https://github.com/acmesh-official/acme.sh/wiki/dnsapi

    Basically:

    Run acme.sh with DNS API

    acme.sh --issue --dns dns-provider -d mycompany.com -d www.mycompany.com -d mobile.mycompany.com

    This generates Host-Key, Host-Certificate and a Certificate-Chain File (PEM, base64 encoded)

    I concatenate the Host-Key and Certificate-Chain File into a new file.

    After that, I check if the Domino Keyring already exists; if it does not, I create the Keyring using kyrtool.

    Next step: Import the new file (Host-Key + Chain) into the Keyring using kyrtool

    After that: switch to the notes-User and run server -c "restart task http" to pick up the new certificate from the keyring.

    The script runs periodically using cron.

    Theoretically this should be available on Windows too, if you install something like git bash or cygwin.

    Best Regards,

    Patrick
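
The renewal steps described in the comment above, as an added example that is not part of the original comment and not code from acme.sh or HCL: it builds the kyrtool input file with owner-only permissions, creates the keyring only when it is missing, imports key and chain, and restarts the HTTP task. The `KYRTOOL`, `KYR_PASSWORD` and `NOTES_USER` variables, the `notes` account name, the `--renew` switch and the way kyrtool is invoked are assumptions to adapt to your server.

```shell
#!/bin/sh
# Added example. Variable names, the "notes" account and --renew are assumptions.
KYRTOOL=${KYRTOOL:-kyrtool}        # assumption: adjust to how kyrtool is invoked
NOTES_USER=${NOTES_USER:-notes}    # assumed Domino service account

# Write host key followed by certificate chain into $3 for "kyrtool import all".
# The file holds the private key, so it is recreated with owner-only access.
build_kyr_input() {
    key=$1; chain=$2; out=$3
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key in $key" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "no certificate in $chain" >&2; return 1; }
    rm -f "$out"
    ( umask 077; cat "$key" "$chain" > "$out" )
}

# Create the keyring if missing, import key + chain, then restart HTTP.
renew_keyring() {
    key=$1; chain=$2; kyr=$3
    : "${KYR_PASSWORD:?set KYR_PASSWORD for the keyring}"
    tmp=$(mktemp) || return 1
    rc=0
    build_kyr_input "$key" "$chain" "$tmp" || rc=1
    if [ "$rc" -eq 0 ] && [ ! -f "$kyr" ]; then
        "$KYRTOOL" create -k "$kyr" -p "$KYR_PASSWORD" || rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        "$KYRTOOL" import all -k "$kyr" -i "$tmp" || rc=1
    fi
    rm -f "$tmp"                   # never leave the key copy behind
    [ "$rc" -eq 0 ] || return 1
    su - "$NOTES_USER" -c 'server -c "restart task http"'
}

# Usage from cron (run as root): script --renew KEY CHAIN KEYRING
if [ "${1:-}" = "--renew" ]; then
    renew_keyring "$2" "$3" "$4"
fi
```

Passing the keyring password with `-p` makes it visible in the local process list while kyrtool runs, so keep the host's interactive logins restricted accordingly.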

  • Guest commented
    16 Sep 10:57

    LetsEncrypt does NOT require a static IP. We ran it for years with dynamic IP addresses. The only applications to require a static IP are mail servers.

  • Guest commented
    24 Mar 12:52

    Just to add a feature request, DNS validation is important as most Domino Servers are not open to the public networks. I know there are difficulties with DNS APIs, but I still think there could be extension points left to the advanced use cases.

  • Guest commented
    August 06, 2019 00:29

    Agreed. However, each of these "free" SSL sites requires a static public IP, which defeats the scalability and the "free" in LetsEncrypt. The app works GREAT though! This limitation is not in the LetsEncrypt for Domino app, but in Domino's HTTP/2 SNI support.

  • Guest commented
    September 24, 2018 06:52

    At LEAST add the Root- and Intermediate certificates of LetsEncrypt to Domino (cacerts key file and pubnames.nft)

  • Guest commented
    July 16, 2018 07:48

    This makes an admin's life so much easier. Speaking from personal experience!