CertMgr simplifies and secures Domino web server operations by providing the ability to automatically request, configure, and renew free, widely trusted TLS certificates from the Let's Encrypt certificate authority (CA) using the ACME protocol.
For more details on the Let's Encrypt CA, see https://letsencrypt.org/about/.
Certificate signing requests are configured and generated through a domain-wide database called Certificate Store (certstore.nsf). CertMgr creates this database on a server the first time it runs.
Note: Before using the Let's Encrypt certificate authority, you must accept their terms, which are published at https://letsencrypt.org/repository/. This step is done as part of creating a certificate request, either through an option in the account document in Certificate Store (certstore.nsf) or through a command line option.
Let's Encrypt is a trademark of the Internet Security Research Group. All rights reserved.
Let's Encrypt CA challenge options
When you receive a certificate from the Let's Encrypt CA, their servers use challenges to validate that you control the domain names in the certificate. There are two types of challenges supported, both of which are available to use with Domino.
Preparing a Domino server to request certificates from the Let's Encrypt CA
To prepare a Domino server to request certificates from the Let's Encrypt CA, follow the procedure that corresponds to the type of challenge to use, either HTTP-01 or DNS-01. HTTP-01 is the challenge most typically used.
Configuring the ACME account profiles
There are two ACME Account profile documents in certstore.nsf to configure before you submit your first certificate request to the Let's Encrypt CA.
Requesting a certificate from the Let's Encrypt CA
Request a certificate from the Let's Encrypt CA using the certstore.nsf interface.
Let's Encrypt certificate request flow for HTTP-01 challenges
The following diagram illustrates the components and steps involved in a certificate request to the Let's Encrypt CA when HTTP-01 challenges are used.