First of all let me say that I know pretty much nothing about managing the
https server on the IBM i ....

Would dehydrated work for you? https://github.com/lukas2511/dehydrated
You can save the updated certs where you like then run a script to apply
them - presuming that application of the the updated certs can be scripted.

I've switched to using dehydrated rather than the default LE program on my
personal Centos servers and it seems to be working fine, YMMV...

Mike

Mike Hockings, M.Eng., P.Eng.
DevOps for Enterprise
IBM Developer for z Systems and Power Systems Software Technical Support
IBM Canada Ltd. Laboratory
hockings@xxxxxxxxxx
voice 1-905-413-3199 T/L 313-3199 ITN 23133199




From: Pete Helgren <pete@xxxxxxxxxx>
To: web400@xxxxxxxxxxxxxxxxxx
Date: 2019/03/06 17:46
Subject: Re: [WEB400] Lets Encrypt + IBM i web server?
Sent by: "WEB400" <web400-bounces@xxxxxxxxxxxxxxxxxx>



Not yet.  The issue is having an issue API that would allow you to renew
a certificate (there isn't one).  Rumor has it the the API has been
enhanced to allow for the certificate to be renewed. Unfortunately, I am
on 7.2 and I don't think there are any plans to backport the
enhancement.  Not sure when it will be released. It will be an update to
the DCM.

Last conversation I had was focusing on the renewal, since creating the
initial certificate isn't all that hard.  I have a script that can renew
the certificate using a Java ACME client but I still have to manually
update DCM with the new cert.  I would imagine the whole process could
be done with the new DCM if the API's are there....won't know until
announcements are made or I can get a new Power 9 box and join the
beta.....

Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
Twitter - Sys_i_Geek IBM_i_Geek

On 3/5/2019 2:58 PM, David Gibbs via WEB400 wrote:
Folks:

Has anyone come up with an automated way of creating & renewing Lets
Encrypt certificates with the IBM i web server?

I've got all the midrange.com sites working well with LE certs except
www.midrange.com (which runs on Frankie).

Thanks!

david
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.midrange.com_mailman_listinfo_web400&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=wo0uDJijITU2f7aW2HWa1KiNWzc2cb7dgMN4W-85iwI&m=yXou_iiq3Dkn2wYYPBgYbR-mZbIQex7sKsjqv4EAcOE&s=gLnp8NORo5voUxdr2at_NhdGqiby774iOSvh0NIDITU&e=

or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
https://urldefense.proofpoint.com/v2/url?u=https-3A__archive.midrange.com_web400&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=wo0uDJijITU2f7aW2HWa1KiNWzc2cb7dgMN4W-85iwI&m=yXou_iiq3Dkn2wYYPBgYbR-mZbIQex7sKsjqv4EAcOE&s=Mw7pEUZneRX5_cukPJ1BkizX3RXiTzd3J81dHigbhlw&e=
.





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.