Midpoints LE4Domino - a closer look

Thursday, August 24, 2017 at 8:42 PM UTC

2 days ago Ulrich Krause and Detlev Poettgen posted about Midpoints' free NSF-based tool for all of us running a Domino server with an SSL certificate from Let's Encrypt. If you are not familiar with this service: they offer SSL certificates for free, valid for 90 days. You have to renew the certificates after that period, which is not that convenient. Midpoints' tool fixes that problem by automating the process for you.

The best thing about it: it's free!

If you haven't checked it out, then do it now!

After you have submitted your download request, check both your inbox and your spam folder. It can take some time to get the download link, and mine was caught by Google's spam detector for no reason.

Unzip all the stuff from the archive and read the instructions carefully!

I had some problems, so here are 5 tips

As always, my first attempts did not work properly. I was lucky enough that Ulrich assisted me via social media, so I finally got it running properly.

1. Working directory

As my Domino runs on Linux I set the working directory to be /tmp which works fine.

2. Stage mode vs. Production mode

Keep in mind that creating certificates in stage mode does not produce a valid certificate at all. It's just for testing the whole process and the run of the agent(s) on your system. After you have checked that everything is working correctly, you must switch to Production mode to get a valid SSL certificate.

3. Keyring files

Whatever you do: back up the existing kyr and sth files before you try anything here! The tool should replace the settings in the corresponding server documents (and internet sites I guess), so you could use a different name from the one you may have used before (e.g. keyring instead of keystore2 etc.). As I wasn't sure if the replacement in the documents would take place, I chose the same name for the files as I used before. But: remember to back up first...

4. Keyring file password

I first left the password for the kyr and sth file blank. A random password should have been created. Instead I got this on my server console:

24.08.2017 21:53:46   Agent Manager: Agent  error: Exception in thread "AgentThread: MPStarter" 
24.08.2017 21:53:46   Agent Manager: Agent  error: java.lang.UnsupportedClassVersionError: JVMCFRE003 Ungültige übergeordnete Version; Klasse=, Offset=6
24.08.2017 21:53:46   Agent Manager: Agent  error:  at java.lang.ClassLoader.defineClassImpl(Native Method)
24.08.2017 21:53:46   Agent Manager: Agent  error:  at ...

The password generator is not compatible with Domino's JVM 1.6, so please set a password yourself to avoid this.
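
The class-file format stores the major version at byte offset 6, which matches the Offset=6 in the console message: major 50 is Java 6, anything higher is rejected by a 1.6 JVM. The following is an added example (not part of the original post and not LE4D code) that lists the classes in a jar a Java 6 JVM would refuse to load; the sample jar and its class names are constructed for illustration.

```python
import io
import struct
import zipfile

JAVA6_MAJOR = 50  # class-file major version produced for Java 6


def class_major_version(data: bytes) -> int:
    """Return the major version from a class-file header.

    Layout: u4 magic (0xCAFEBABE), u2 minor at offset 4, u2 major at offset 6.
    """
    if len(data) < 8:
        raise ValueError("truncated class file")
    magic, _minor, major = struct.unpack(">IHH", data[:8])
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    return major


def too_new_classes(jar_bytes: bytes, max_major: int = JAVA6_MAJOR) -> dict:
    """Map class name -> major version for classes newer than max_major."""
    rejected = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if not name.endswith(".class"):
                continue  # manifests, resources, signatures
            major = class_major_version(jar.read(name)[:8])
            if major > max_major:
                rejected[name] = major
    return rejected


def build_sample_jar() -> bytes:
    """Constructed sample: header-only stubs with hypothetical class names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("example/Starter.class", struct.pack(">IHH", 0xCAFEBABE, 0, 50))
        jar.writestr("example/PasswordGen.class", struct.pack(">IHH", 0xCAFEBABE, 0, 52))
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, major in too_new_classes(build_sample_jar()).items():
        # For Java 5 and later, Java release = major version - 44.
        print(f"{name}: major {major} (Java {major - 44}) needs a newer JVM")
```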

5. Re-initiate the process

During my various attempts I always had to reset the setting document in the LE4D database. Due to the hidden design you can't access the fields directly, but thanks to Erik Schmalz' Domino Navigator I was able to remove the field "notValidAfter", which holds the valid-to date of the certificate. There is an easier way during the staging phase of the setup: set the value for "renew nn days before" to 90, and that will do, too.

Conclusion

Let's Encrypt is a great service and with Midpoints' tool it is even easier to use it.

So a big shoutout and thanks go to the guys who made it possible, Ulrich and Detlev!






Latest comments to this post

Detlev Poettgen wrote on 24.08.2017, 23:15

Oliver, thank you very much for your review. Great!

LE4D will not make any changes to the server or website documents.

When you start - keeping the already existing KYRs and creating new KYR files is absolutely recommended.

We will change the Password field to be required in the next release to fix the issue, when the field is empty.

Great that you got it working

Detlev
