Using a free SSL certificate from Let’s encrypt with Jetty

Let’s encrypt offers free SSL certificates that can also be used with Jetty. The following steps show how to get an install such a certificate: Installation To install the letsencrypt client on a Linux system, just enter these commands: $ git clone https://github.com/letsencrypt/letsencrypt $ cd letsencrypt $ ./letsencrypt-auto –help Request the certificate To request the … Continue reading “Using a free SSL certificate from Let’s encrypt with Jetty”

Let’s encrypt offers free SSL certificates that can also be used with Jetty. The following steps show how to get an install such a certificate:

  1. Installation
    To install the letsencrypt client on a Linux system, just enter these commands:

    $ git clone https://github.com/letsencrypt/letsencrypt
    $ cd letsencrypt
    $ ./letsencrypt-auto --help
  2. Request the certificate
    To request the certificate run this command:

    ./letsencrypt-auto certonly -d yourdomain.comĀ --webroot -w /var/www/

    To verify the address of your server letsencrypt needs to know the directory of your http server. In this example an Apache is used with the directory /var/www/ (and Jetty runs only on the https port).

  3. Convert the certificate into a format Jetty can use
    openssl pkcs12 -export -in /etc/letsencrypt/live/yourdomain.com/fullchain.pem -inkey /etc/letsencrypt/live/yourdomain.com/privkey.pem -out fullchain_and_key.p12 -name jetty
    keytool -importkeystore -destkeystore keystore_le -srckeystore fullchain_and_key.p12 -alias jetty
    keytool -import -destkeystore keystore_le -file /etc/letsencrypt/live/yourdomain.com/chain.pem -alias root
  4. Install the certificate in Jetty
    Just reference the keystore_le file that you have created in the etc/jetty-ssl.xml file:

    /
    /
    
  5. Stop and restart Jetty