

Let's Encrypt certificate request flow for HTTP-01 challenges

The following diagram illustrates the components and steps involved in a certificate request to the Let's Encrypt CA when HTTP-01 challenges are used.


Certificate request flow chart

Components

Diagram key:

(A) Formerly stored in kyr file

(B) Challenge needed to verify request

(C) ACME account credentials used to authenticate with an ACME-based CA such as the Let's Encrypt CA

(D) Proxy account for outgoing communication, if needed

Flow

1. CertMgr creates account (C) with ACME CA server

2. CertMgr creates key pair and writes it to CertStore (A)

3. CertMgr creates CSR and sends it to ACME CA server

4. CertMgr saves received challenge (B) in CertStore

5. ACME CA server requests challenge on port 80 to verify domain ownership

6. Domino HTTP replies with challenge (B) from CertStore

7. CertMgr receives certificate chain and writes it to CertStore (A)

8. HTTP (and INET tasks) read certificates and keys from CertStore (A)
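What the challenge (B) in steps 4 to 6 contains, as an added example that is not Domino or CertMgr code: under the ACME standard (RFC 8555) the body served on port 80 is the CA's token joined to a thumbprint (RFC 7638) of the account key (C), so it proves control of both the host and the account. The function names, the sample JWK and the sample token are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import re

# RFC 7638: only these members, in lexicographic order, enter the thumbprint.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet only

# Constructed sample values, not real credentials.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x",
              "y": "constructed-y", "kid": "not-part-of-thumbprint"}
SAMPLE_TOKEN = "constructed-token_0123"


def jwk_thumbprint(jwk):
    """base64url(SHA-256(canonical JWK)) of the account key (C)."""
    members = {name: jwk[name] for name in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def key_authorization(token, account_jwk):
    """Body the HTTP server must return for the challenge (B)."""
    if not TOKEN_RE.fullmatch(token):
        # Reject anything that could alter the URL path, e.g. "/" or "..".
        raise ValueError("token has characters outside the base64url set")
    return token + "." + jwk_thumbprint(account_jwk)


def challenge_path(token):
    """URL path the CA fetches over plain HTTP on port 80."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token has characters outside the base64url set")
    return "/.well-known/acme-challenge/" + token


def response_is_valid(body, token, account_jwk):
    """True if a served body matches; trailing whitespace is ignored."""
    expected = key_authorization(token, account_jwk).encode("ascii")
    return hmac.compare_digest(body.rstrip(), expected)


if __name__ == "__main__":
    print(challenge_path(SAMPLE_TOKEN))
    print(key_authorization(SAMPLE_TOKEN, SAMPLE_JWK))
```

`response_is_valid` can be pointed at the body fetched from the challenge URL to confirm that a reverse proxy or redirect in front of port 80 is not altering the response before the CA sees it.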

Notes


Parent topic: Managing certificates with the Let's Encrypt CA