Request a certificate from the Let's Encrypt CA using the certstore.nsf interface.
Before you begin
Complete the following procedures:
1. Start the HTTP server task on the server.
2. Open certstore.nsf, select TLS CREDENTIALS -> By Host Name, and click Add TLS Credentials.
3. In the Certificate provider field, select ACME.
4. In the Host names field, specify the host names of the internet-facing servers to request a certificate for.
6. The values for other fields are derived from the Global Settings you specified in Configuring Global Settings. Adjust these fields, if necessary.
7. Click Submit Request.
Results
The following steps occur to process the request:
1. Generate a key pair for the TLS credentials and store it in the new TLS Credentials document, encrypted for the servers listed in the Servers with access field. This step is done only for the initial certificate request and not for subsequent requests.
2. Create a Certificate Signing Request (CSR) and submit it to the Let's Encrypt CA for certification.
3. If you use HTTP-01 challenges, the Let's Encrypt CA sends the challenge to CertMgr over the ACME protocol for each host name you register. The challenge is stored in the certstore.nsf database, where the HTTP task picks it up when the Let's Encrypt service requests the challenge to verify the identity of the requesting web server.
5. CertMgr writes the new certificate chain to the new TLS Credentials document. Any Domino server listed in the Servers with access field can use the certificate chain once the new document replicates to its replica of the certstore.nsf database.
6. By default, a keyfile.kyr is generated that holds the private key, the certificate, and the certificate chain, including the CA's root certificate. The kyr file is stored in the key file document. If CertMgr requests a certificate for the local machine (the local server is listed in the "Servers" field of the key file document), the kyr file is automatically deployed to the server's data directory, ready for HTTP and other internet protocols to use.
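The HTTP-01 exchange in step 3, as an added Python example that is not part of the original documentation and is not Domino or CertMgr code: it goes beyond the page to show how the body returned for a challenge is derived under RFC 8555 and RFC 7638, and that a responder answers only for known tokens. The account key, token, host name and function names are constructed for illustration, and an EC account key is an assumption.

```python
import base64
import hashlib
import json
import re

# Path prefix fixed by RFC 8555, section 8.3.
ACME_CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # tokens use the base64url alphabet only

# Constructed sample values (not a real key, token or host).
SAMPLE_ACCOUNT_JWK = {
    "kty": "EC", "crv": "P-256", "kid": "constructed-account-key",
    "x": "Zm9vYmFyLWNvbnN0cnVjdGVkLXgtY29vcmRpbmF0ZS0wMQ",
    "y": "Zm9vYmFyLWNvbnN0cnVjdGVkLXktY29vcmRpbmF0ZS0wMQ",
}
SAMPLE_PENDING = {"c2FtcGxlLXRva2VuLWZvci1kb2N1bWVudGF0aW9u": "www.example.com"}


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only,
    sorted by name and serialized without whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """Body the web server must return for this challenge token."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def challenge_response(path: str, pending: dict, account_jwk: dict):
    """Answer a validation request: only a known, well-formed token under
    the well-known prefix gets a body; everything else is a 404."""
    if not path.startswith(ACME_CHALLENGE_PREFIX):
        return 404, ""
    token = path[len(ACME_CHALLENGE_PREFIX):]
    if not TOKEN_RE.fullmatch(token) or token not in pending:
        return 404, ""
    return 200, key_authorization(token, account_jwk)
```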