
Announcing - Lets Encrypt for Domino v2.1 - Just Do SSL

Detlev Poettgen  July 12 2019 06:37:24 AM
Today we are pleased to announce version 2.1.0 of midpoints Let's Encrypt 4 Domino, aka LE4D.

Image:Announcing - Lets Encrypt for Domino v2.1 - Just Do SSL
LE4D 2.1.0 uses the ACME v2 protocol, is based on Java 8, and is supported on Domino 10 and Domino 9.0.1 FP8+ on Windows and Linux.

What's new in LE4D 2.1.0

- The multi-value Domain field now accepts comma, semicolon and new line as separators.
- New setting: HTML Directory, to support a custom domino/html directory.
- New restart option: restart the Domino server after a successful renewal.
- Extended log messages during agent execution.
- The agent output is added to and saved in the settings document and can be viewed there.
- Additional hints in the settings form make it a little easier to start using LE4D.


Upgrade Instructions

- Request the new version here: https://www.midpoints.de/LE4D
  We send out the new version by mail. Please check your spam folder if you don't receive it within 15 minutes after sending the request.
- Sign the newly downloaded template.
- Upgrade the database design of your existing LE4D database.
- Open the database and your existing settings documents once and save them.


Regarding Let's Encrypt Wildcard Certificates


We are asked quite often about support for Let's Encrypt wildcard certificates, and we already have a running prototype that works really well. But:


For wildcard certs, the Let's Encrypt ACME protocol uses a DNS challenge instead of the HTTP challenge used for a single-server certificate.

We had a running prototype supporting wildcards, but we stopped further development, because you have to add a TXT record containing the challenge to your DNS zone.
The challenge changes with every renewal, so you also have to automate the update of the TXT record on your DNS server.

The problem here is that every DNS server solution or hoster provides its own set of APIs to do that. There is no standard DNS API.

Our own hoster, for example, does not provide any DNS API at all, only a web frontend to manage the DNS zone.
We tried to find a solution by running a small local DNS server integrated into LE4D and configuring a DNS delegation for the ACME DNS challenge name that points to that local DNS server.
It works! We can get Let's Encrypt wildcard certificates issued by LE4D running on your Domino server, and we were able to do automated renewals.

But the requirements and configuration are complex. You have to make changes to your DNS zone (hint: DNS delegation) and open additional firewall rules to allow incoming DNS queries to the local DNS server integrated into LE4D. We have already started writing documentation, but it is a long list of steps and the number of possible error cases is high.

Because LE4D is free and we don't make any money with it, the support and development time needed to implement and test against all the different DNS APIs would cost us too much time and money :-(


So, at the moment, LE4D does not support wildcard certs.



If you have any feedback or suggestions, please let us know.


Let's Encrypt!
