Happy Valentine - or not? #dominoforever

Monday, February 8, 2021 at 8:20 PM UTC

Ok, this has nothing to do with Feb 14 aka Valentine's Day. I chose this title as my Let's Encrypt certificate for this page was going to expire on exactly that date.

I recently saw it and just now retweeted the Tweet of Detlev's blog post regarding the updated Let's Encrypt certificates that you have to add to your cacerts on Domino to keep the great LE4D app running without errors. If you use LE on your Domino server utilizing LE4D then YOU MUST act now - before it's too late (maybe on Valentine's Day...)

For me it was not perfectly clear what to do exactly. If you are running Domino 11.x you can no longer use IKEYMAN; instead you use the default tool called "keytool", which is just a command-line tool, and therefore you have to be precise.

What I did

I read Detlev's blog post and downloaded all the 3 files linked to from LE's website:

  • isrgrootx1.pem
  • trustid-x3-root.pem.txt
  • lets-encrypt-r3.pem

I created a new directory and saved those files to the server machine (in this case Windows) to the <DominoProgramDir>\jvm\bin\le4d folder. If you just want to copy and paste the following commands then you have to use this folder, too.

Detlev mentioned the actual names of the aliases to be used though they do not stand out like that - I guess you don't have to name them like this but I did - and it worked, so...

After I had the 3 files on my disk, I opened a new CMD as admin and navigated to the <DominoProgramDir>\jvm\bin folder.

If you followed me until here, you can just copy and paste the following commands to your CMD:

keytool -import -trustcacerts -keystore ../lib/security/cacerts -storepass changeit -alias "ISRG Root X1" -file le4d/isrgrootx1.pem
keytool -import -trustcacerts -keystore ../lib/security/cacerts -storepass changeit -alias "DST Root CA X3" -file le4d/trustid-x3-root.pem.txt
keytool -import -trustcacerts -keystore ../lib/security/cacerts -storepass changeit -alias "Let's Encrypt R3" -file le4d/lets-encrypt-r3.pem

My mistake was that I just restarted the HTTP task with res ta http but this is not enough - restart the whole server to make this work.

After that you can test the LE4D agent or just wait until the next renewal of your LE certificates.
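
To confirm the import without waiting for the next renewal, the following batch file (an added example, not part of the original post or of LE4D) prints each downloaded certificate next to its entry in cacerts so the fingerprints can be compared. It assumes the folder, file names, aliases and store password used above and has to be run from <DominoProgramDir>\jvm\bin; the file name check-le4d.bat is hypothetical.

```bat
@echo off
rem check-le4d.bat - added example, not from the original post.
rem Run from <DominoProgramDir>\jvm\bin after the three imports.
rem Assumes the le4d folder, file names, aliases and store password
rem used above; adjust the aliases if you imported under other names.
setlocal
set "KS=..\lib\security\cacerts"
set "PW=changeit"
set FAILED=0

call :verify "le4d\isrgrootx1.pem"          "ISRG Root X1"
call :verify "le4d\trustid-x3-root.pem.txt" "DST Root CA X3"
call :verify "le4d\lets-encrypt-r3.pem"     "Let's Encrypt R3"

echo.
if %FAILED%==0 echo All three files were readable and all three aliases exist.
if %FAILED%==1 echo At least one check failed, see the keytool errors above.
exit /b %FAILED%

:verify
echo.
echo ==== %~1  /  alias %~2
rem Owner, issuer, validity and fingerprints of the downloaded file.
keytool -printcert -file "%~1"
if errorlevel 1 set FAILED=1
rem The trust store entry; keytool fails if the alias does not exist.
rem Its fingerprint should match the one printed for the file.
keytool -list -keystore "%KS%" -storepass %PW% -alias "%~2"
if errorlevel 1 set FAILED=1
exit /b 0
```

The exit code is 0 only when every file could be read and every alias was found; matching the printed fingerprints is left to the reader.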

Thanks again to Detlev and midpoints for offering this great tool - until we have Domino V12 with integrated Let's Encrypt support which works like a charm - not tested though if the changes also affect this feature right now... Maybe Daniel Nashed can clear this up?






