Skip to content

Instantly share code, notes, and snippets.

@mihkels
Created March 2, 2016 13:51
Show Gist options
  • Save mihkels/6e30e8e21acc68a55482 to your computer and use it in GitHub Desktop.
Save mihkels/6e30e8e21acc68a55482 to your computer and use it in GitHub Desktop.
Spring Boot with Letsencrypt SSL certificate support
server:
port: 443
http:
port: 80
ssl:
key-store: classpath:ssl/letsencrypt.jks
key-store-password: password
key-password: password
# IMPORTANT: You must run ./letsencrypt-auto inside the server where the application will be running.
# Generate certificat files
./letsencrypt-auto certonly --standalone -d example.com
# Go to directory where certificates where generated
cd /etc/letsencrypt/live
# Create new letsencrypt.jks keystore
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name tomcat -CAfile chain.pem -caname root
keytool -importkeystore -deststorepass password -destkeypass password -destkeystore letsencrypt.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass password -alias tomcat
keytool -import -trustcacerts -alias root -file chain.pem -keystore letsencrypt.jks
@Configuration
public class MultiConnectionSupport {
@Value("${server.port}")
private int serverPort;
@Value("${server.http.port}")
private int httpServerPort;
@Bean
public EmbeddedServletContainerFactory servletContainer() {
final TomcatEmbeddedServletContainerFactory tomcat = new RedirectTomcatEmbeddedServletContainerFactory();
tomcat.addAdditionalTomcatConnectors(createSslConnector());
return tomcat;
}
private Connector createSslConnector() {
final Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("http");
connector.setPort(httpServerPort);
connector.setSecure(false);
connector.setRedirectPort(serverPort);
return connector;
}
private static class RedirectTomcatEmbeddedServletContainerFactory extends TomcatEmbeddedServletContainerFactory {
@Override
protected void postProcessContext(Context context) {
final SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
final SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
}
}
@mikeumus
Copy link

mikeumus commented Jul 19, 2016

For the Java noobs like myself that aren't using an IDE like Netbeans that adds the imports for you you'll need something like this at the top of the MultiConnectionSupport.java:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.beans.factory.annotation.Value;

The letsencrpyt.sh openssl and keytool commands work for other certs from other authorities as well, instead of the .pem files use the other crts provided by them.

@rodgarcialima
Copy link

Nice gist, btw check this link out.

Using LetsEncrypt certificate with Spring Boot

@brunoaduarte
Copy link

This doesn't work with newer versions of SpringBoot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment