Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
Interesting new challenge type. It's still draft but already in the Pebble test server. I took a quick look today also to make sure this is not breaking Domino CertMgr when introduced by Let's Encrypt later.
IMHO this challenge type is less secure than the other challenge types. Having a short timed secret which is rotated often makes sense.
My bigger concern would be that admins would get setting manual text records wrong, which could cause quite some support cases.
The DNS-01 automation gets the DNS TXT records written in the right way.
If you would need a DNS TXT record integration for a provider which has a proper REST-API, please open an issue [here](https://github.com/HCL-TECH-SOFTWARE/domino-cert-manager/issues) if you have a test account and an API reference. I would volunteer to help building an integration if that helps.
What you can also use today is a CNAME delegation to a different domain where you have a DNS-01 text API.
The CNAME is a kind of redirect.
[ Daniel Nashed / https://blog.nashcom.de ]
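The CNAME delegation mentioned in the comment above, as an added example that is not part of the original post and not Domino CertMgr code: it follows the CNAME from the `_acme-challenge` name to the delegated zone and checks that the DNS-01 TXT value (computed as in RFC 8555) is published there. All domain names and the key authorization are constructed placeholders.

```python
import base64
import hashlib

# Constructed sample zone (names are assumptions): the production zone holds only
# a CNAME; the TXT record is written in a second zone that has a DNS API.
ZONE = {
    ("_acme-challenge.mail.example.com", "CNAME"): ["mail.acme-delegate.example.net"],
}

def normalize(name):
    return name.rstrip(".").lower()

def dns01_txt_value(key_authorization):
    """RFC 8555 section 8.4: unpadded base64url of SHA-256(key authorization)."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def txt_owner_name(zone, domain, max_hops=8):
    """Follow CNAMEs from _acme-challenge.<domain> to the name that must hold the TXT."""
    if domain.startswith("*."):
        domain = domain[2:]            # wildcard names validate at the base domain
    name = normalize("_acme-challenge." + domain)
    seen = set()
    while (name, "CNAME") in zone:
        if name in seen or len(seen) >= max_hops:
            raise ValueError("CNAME loop or chain too long at " + name)
        seen.add(name)
        name = normalize(zone[(name, "CNAME")][0])
    return name

def challenge_passes(zone, domain, key_authorization):
    """True if the expected TXT value is published where the CNAME chain ends."""
    owner = txt_owner_name(zone, domain)
    return dns01_txt_value(key_authorization) in zone.get((owner, "TXT"), [])

if __name__ == "__main__":
    key_auth = "constructed-token.constructed-thumbprint"   # placeholder, not a real value
    zone = dict(ZONE)
    owner = txt_owner_name(zone, "mail.example.com")
    zone[(owner, "TXT")] = [dns01_txt_value(key_auth)]       # what the DNS API call would write
    print(owner, challenge_passes(zone, "mail.example.com", key_auth))
```

A TXT record placed directly at the `_acme-challenge` name in the production zone is not found once the CNAME exists, because the lookup follows the CNAME to the delegated zone.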