The following diagram illustrates the components and steps involved in a certificate request to the Let's Encrypt CA when HTTP-01 challenges are used.
Components
Diagram key:
(A) Formerly stored in kyr file
(B) Challenge needed to verify request
(C) ACME account credentials used to authenticate with an ACME-based CA such as the Let's Encrypt CA
(D) Proxy account for outgoing communication, if needed
Flow
1. CertMgr creates account (C) with ACME CA server
2. CertMgr creates key pair and writes it to CertStore (A)
3. CertMgr creates CSR and sends it to ACME CA server
4. CertMgr saves received challenge (B) in CertStore
5. ACME CA server requests challenge on port 80 to verify domain ownership
6. Domino HTTP replies with challenge (B) from CertStore
7. CertMgr receives certificate chain and writes it to CertStore (A)
8. HTTP (and INET tasks) read certificates and keys from CertStore (A)
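
Under the ACME standard (RFC 8555), the challenge (B) returned in step 6 is a key authorization: the CA's token joined to the RFC 7638 thumbprint of the account key (C), served at `/.well-known/acme-challenge/<token>`. The Python below is an added example, not HCL Domino code; the function names and sample values are constructed for illustration. It shows how that value is derived and the comparison the CA makes in steps 5 and 6.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed sample values: not a real account key (x/y are not a valid
# curve point) and not a real CA-issued token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "kid": "constructed-example",
              "x": "c2FtcGxlLXgtY29vcmRpbmF0ZQ",
              "y": "c2FtcGxlLXktY29vcmRpbmF0ZQ"}
SAMPLE_TOKEN = "constructed_Token-0123456789abcdefABCDEF"

# RFC 7638: only these members are hashed, in lexicographic order.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
# RFC 8555 section 8.3: the token uses only the base64url alphabet.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the canonical JSON of the required members, base64url."""
    members = {k: jwk[k] for k in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_token(token: str) -> str:
    """Reject tokens that could alter the request path (e.g. '/' or '.')."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token has characters outside the base64url alphabet")
    return token


def challenge_path(token: str) -> str:
    """URL path the CA requests on port 80 (step 5)."""
    return "/.well-known/acme-challenge/" + check_token(token)


def key_authorization(token: str, jwk: dict) -> str:
    """Value the HTTP server must return for the token (step 6)."""
    return check_token(token) + "." + jwk_thumbprint(jwk)


def response_is_valid(body: bytes, token: str, jwk: dict) -> bool:
    """CA-side check: body equals the key authorization; trailing
    whitespace is ignored, as RFC 8555 recommends."""
    expected = key_authorization(token, jwk).encode("ascii")
    return hmac.compare_digest(body.rstrip(), expected)
```

Because the thumbprint binds the response to the account key, a host that merely echoes the token cannot satisfy the challenge for another ACME account.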
Notes