

Detlev Poettgen


Announcing - Lets Encrypt for Domino - Just Do SSL

 23 August 2017 16:16:43
To enable HTTPS on your website, you need to get a certificate from a public Certificate Authority (CA). Let’s Encrypt is such a CA, which offers free trusted certificates. The only limit is that the certificates expire after 90 days. But you can renew them as often as you like.

There are several clients around to retrieve a certificate from Let’s Encrypt. But none of them offers a consistent way to automate the process when using Domino as your HTTP server. Either the client tool is only available for Linux, or you have to install an additional Perl/Python interpreter on your Domino server machine to run scripts. And then there is the proprietary Domino keystore format :-(

We at midpoints were looking for a solution to get Let’s Encrypt certificates working together with Domino as closely and as automated as possible.
So we started the midpoints Let’s Encrypt 4 Domino project for internal use.

Let’s Encrypt for Domino == Let’s Encrypt 4 Domino == LE4D (spoken as lead)

After we got it working, we decided to make the tool available for free, because the Let's Encrypt certs are for free and so midpoints LE4D should be free, too. SSL is important and you should use it.

Yes, you can get it for free!


What will midpoints LE4D do in detail?

The short answer - A lot!

In more detail:

- Creates a Let's Encrypt User and Domain Keys
- Creates and puts Let's Encrypt Challenge on your server
- Creates and sends the Signing Request CSR to Let's Encrypt
- Downloads the certificate
- Downloads the Key Chain
- Generates the Domino Key Ring files using the IBM KYRTOOL
- Merges the certificates and chain into the Key Ring
- Backs up the generated certificates
- Restarts the HTTP Task
- Periodic Renewal of certificates, when needed
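
The challenge step in the list above, as an added example (not LE4D's own code, which this page does not show). It assumes the HTTP-01 challenge type of the ACME standard (RFC 8555) and an RSA account key; the key and token are constructed sample values, and the function names are hypothetical. It derives what the challenge file must contain and checks a served response before the CA does.

```python
import base64
import hashlib
import hmac
import json
import re

WELL_KNOWN = "/.well-known/acme-challenge/"  # HTTP-01 path from RFC 8555


def b64url(data: bytes) -> str:
    """Unpadded base64url, as ACME and JWK use it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def int_to_b64url(value: int) -> str:
    """Big-endian, minimal-length encoding of an RSA parameter."""
    return b64url(value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big"))


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint of an RSA JWK: required members only, sorted, no spaces."""
    required = {name: jwk[name] for name in ("e", "kty", "n")}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """Content the challenge file must hold: token '.' account-key thumbprint."""
    return token + "." + jwk_thumbprint(jwk)


def challenge_path(token: str) -> str:
    """URL path the CA fetches; tokens outside base64url are rejected so a
    hostile value can never steer the file write outside the challenge folder."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("token contains characters outside base64url")
    return WELL_KNOWN + token


def verify_challenge_body(body: bytes, token: str, jwk: dict) -> bool:
    """Pre-flight check: does the served body match what the CA will expect?"""
    expected = key_authorization(token, jwk).encode("ascii")
    return hmac.compare_digest(body.rstrip(), expected)


# Constructed sample values (not a real account key or CA token).
SAMPLE_JWK = {"kty": "RSA", "e": int_to_b64url(65537),
              "n": int_to_b64url((1 << 2047) + 12345)}
SAMPLE_TOKEN = "constructed-token_0123456789abcdef"
```

Because the thumbprint binds the file to the account key, a response copied from another account or a stale token fails `verify_challenge_body`, which is the same reason the CA would refuse it.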

All you will need is our midpoints LE4D template.
Create a new application from the template, create a configuration for your domain and start an agent (the agent can later be started on a scheduled basis using a program document to renew the certificates).

Interested? Then get your copy of midpoints LE4D today for FREE.

Ulrich Krause aka eknori and I dug into the Let's Encrypt API to make LE4D possible. Thank you, Ulrich, that we together got it working!

And we would like to thank Let's Encrypt and the Let's Encrypt community for providing their great Let's Encrypt Cert service.