Let's Encrypt CA certificate request: Quick Start

If your HCL Domino® server is connected to the internet over outgoing port 443 and incoming port 80/443, you can request a certificate from the Let's Encrypt CA for the server with the CertMgr command.

About this task

This command requests a certificate using an HTTP-01 challenge.

Procedure

Run the following command at the server console:
load certmgr -ACCEPT_TOU_AUTO_CONFIG
Note: This command is equivalent to:
load certmgr -r -c -o -y  -ACCEPT_TOU

Results

CertMgr loads and completes the following steps:
  1. Accepts the terms of operations for Let's Encrypt (-ACCEPT_TOU).
  2. Creates certstore.nsf.
  3. Determines the host name of the machine and requests a first certificate (-r).
  4. Starts HTTP (-o) or restarts HTTP if already running (-c).
  5. Runs the ACME protocol operations to request a certificate from the Let's Encrypt CA.
This same certificate request scenario can be automated using the following notes.ini settings:
CertMgr_ACCEPT_TOU=1
CertMgr_AutoRequestCert=1
CertMgr_AutoConfigHttp=1