The Let's Encrypt CA only works for web servers exposed to the internet (or at least public Domains in combination with your providers DNS). But the smallstep CA does now support the ACME protocol (RFC 8555) -- which is the underlying standard used by Let's Encrypt. I was looking for a way to deploy internal web server test certificates for my lab and ran into this. The whole setup took me like 10 minutes and it just works!

The new code drop is available with more preview features. One of the highlight features is TOTP. You can now use two factor authentication for HTTPS connections.

The kyr format is a really old propritary IBM format. Since Domino 9 the only way to create kyr files is to use the command-line kyrtool. It can only import existing key pairs + certificates. So the current flow is often to use OpenSSL to create a key pair and a CSR or to import existing key pairs with the matching certificates. That flow is going to change with Domino V12 completely. The CertMgr servertask and the cerstore.nsf will completely simplify the operation and remove the need for kyr files.

We got the first two code drops for the early access program. The October code drop show be available soon. With new features .. This is a great opportunity for an early look and to provide feedback.

Just ran into "tell http show security" I did not notice it before. Can be useful to show the currently configured kyr file per website.

RedHat is still shipping an older containerd version with CentOS 8 than what they shipped with CentOS 7. This blocks Docker 19+ installations. The only way to get Docker installed, is to use the -nobest option which will install Docker 18.x. But you really want to install Docker 19.03