Preparing to request certificates using HTTP-01 challenges

After you've run CertMgr to create certstore.nsf, follow the steps in this procedure to prepare the CertMgr server to request a certificate from the Let's Encrypt® CA using HTTP-01 challenges.

About this task

The administrative server running the CertMgr task to request certificates and the Domino Web servers for which the certificates are requested must run Domino 12 or later.


  1. Review the Certificate Store (certstore.nsf) ACL. Administrators and Domino servers in the domain require Manager access and the Administrator role. LocalDomainAdmins and LocalDomainServers have this access by default.
  2. Configure the outgoing HTTPs port (443) on the administrative CertMgr server. If the server connects to Let's Encrypt® servers through a proxy server, configure a proxy account in certstore.nsf. For more information, see Configuring CertMgr to connect through a proxy.
  3. Ensure that certstore.nsf is replicating from the administrative CertMgr server to the Web servers.
  4. If CertMgr connects to Let's Encrypt servers through a proxy server, complete the procedure Configuring CertMgr to connect through a proxy.

What to do next

Complete the procedure Configuring the ACME account profiles