SECURING


Let's Encrypt CA certificate request: Quick Start

If your HCL Domino server is connected to the internet over outgoing port 443 and incoming port 80/443, you can request a certificate from the Let's Encrypt CA for the server with the CertMgr command.

About this task

This command requests a certificate using an HTTP-01 challenge.

Procedure

Run the following command at the server console:

load certmgr -ACCEPT_TOU_AUTO_CONFIG

Note: This command is equivalent to:

load certmgr -r -c -o -y  -ACCEPT_TOU

Results

CertMgr loads and completes the following steps:

1. Accepts the terms of operations for Let's Encrypt (-ACCEPT_TOU).

2. Creates certstore.nsf.

3. Determines the host name of the machine and requests a first certificate (-r).

4. Starts HTTP (-o) or restarts HTTP if already running (-c).

5. Runs the ACME protocol operations to request a certificate from the Let's Encrypt CA.

This same certificate request scenario can be automated using the following notes.ini settings:

CertMgr_ACCEPT_TOU=1CertMgr_AutoRequestCert=1CertMgr_AutoConfigHttp=1

Parent topic: Managing certificates with the Let's Encrypt CA

Related concepts
CertMgr command line parameters
CertMgr notes.ini settings