First of all let me say that I know pretty much nothing about managing the
https server on the IBM i ....
Would dehydrated work for you? https://github.com/lukas2511/dehydrated
You can save the updated certs where you like then run a script to apply
them - presuming that application of the the updated certs can be scripted.
I've switched to using dehydrated rather than the default LE program on my
personal Centos servers and it seems to be working fine, YMMV...
Mike Hockings, M.Eng., P.Eng.
DevOps for Enterprise
IBM Developer for z Systems and Power Systems Software Technical Support
IBM Canada Ltd. Laboratory
voice 1-905-413-3199 T/L 313-3199 ITN 23133199
From: Pete Helgren <pete@xxxxxxxxxx>
Date: 2019/03/06 17:46
Subject: Re: [WEB400] Lets Encrypt + IBM i web server?
Sent by: "WEB400" <web400-bounces@xxxxxxxxxxxxxxxxxx>
Not yet. The issue is having an issue API that would allow you to renew
a certificate (there isn't one). Rumor has it the the API has been
enhanced to allow for the certificate to be renewed. Unfortunately, I am
on 7.2 and I don't think there are any plans to backport the
enhancement. Not sure when it will be released. It will be an update to
Last conversation I had was focusing on the renewal, since creating the
initial certificate isn't all that hard. I have a script that can renew
the certificate using a Java ACME client but I still have to manually
update DCM with the new cert. I would imagine the whole process could
be done with the new DCM if the API's are there....won't know until
announcements are made or I can get a new Power 9 box and join the
GIAC Secure Software Programmer-Java
Twitter - Sys_i_Geek IBM_i_Geek
On 3/5/2019 2:58 PM, David Gibbs via WEB400 wrote:
Has anyone come up with an automated way of creating & renewing Lets
Encrypt certificates with the IBM i web server?
I've got all the midrange.com sites working well with LE certs except
www.midrange.com (which runs on Frankie).
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
As an Amazon Associate we earn from qualifying purchases.