@rkasigi
Forked from mihkels/MultiConnectionSupport.java
Last active October 13, 2017 09:18
Spring Boot with Letsencrypt SSL certificate support
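# Spring Boot server settings for the HTTPS + HTTP-redirect setup.
# The nesting was lost in the original paste; the keys are server.port,
# server.http.port and server.ssl.*, so they all live under "server:".
server:
  # HTTPS port. Spring Boot's primary connector uses this together with server.ssl.*;
  # MultiConnectionSupport also uses it as the redirect target for plain HTTP.
  port: 443
  # Plain-HTTP listener (custom property read by MultiConnectionSupport via
  # @Value("${server.http.port}")). Requests here are redirected to server.port.
  http:
    port: 80
  ssl:
    # Keystore built by the letsencrypt-to-JKS script. It must be available on the
    # classpath under ssl/ for this classpath: reference to resolve; a keystore kept
    # outside the jar would need a file: location instead.
    key-store: classpath:ssl/letsencrypt.jks
    # Placeholder values. Both must equal the password used when the keystore was
    # created (-passout / -deststorepass / -destkeypass) and should be supplied from
    # external configuration rather than committed alongside the application.
    key-store-password: password
    key-password: password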
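#!/bin/bash
# Build a Java keystore (letsencrypt.jks) from a Let's Encrypt certificate so the
# embedded Tomcat can serve it (see server.ssl.* in the application config).
#
# Prerequisites: the certificate has already been issued into $LETSENCRYPT_KEY_PATH
# (cert.pem, privkey.pem, chain.pem). Run with enough privilege to read privkey.pem.
set -euo pipefail

# Keystore and key password. Must match server.ssl.key-store-password and
# server.ssl.key-password in the application config. It is exported and handed to
# openssl/keytool through the environment (env: / :env) instead of as a literal
# command-line argument, so it is not visible in process listings.
export PASSX=secretPassword
APP_PATH=/pathToCertificate
LETSENCRYPT_KEY_PATH=/etc/letsencrypt/live/pathdomaintocertificate

# Start clean: keytool refuses to import into an alias that already exists.
rm -f "$APP_PATH/keystore.p12" "$APP_PATH/letsencrypt.jks"

# 1. Bundle certificate + private key (+ chain) into a PKCS12 container.
#    Note the "/" before chain.pem: written as $LETSENCRYPT_KEY_PATHchain.pem the
#    shell expands a (nonexistent) variable named LETSENCRYPT_KEY_PATHchain, so
#    -CAfile received ".pem" and the chain was never bundled.
openssl pkcs12 -export \
  -in "$LETSENCRYPT_KEY_PATH/cert.pem" \
  -inkey "$LETSENCRYPT_KEY_PATH/privkey.pem" \
  -out "$APP_PATH/keystore.p12" \
  -name aliasCertificate \
  -CAfile "$LETSENCRYPT_KEY_PATH/chain.pem" -caname root \
  -passout env:PASSX

# 2. Convert the PKCS12 container into a JKS keystore under the same alias.
keytool -importkeystore \
  -deststorepass:env PASSX -destkeypass:env PASSX \
  -destkeystore "$APP_PATH/letsencrypt.jks" \
  -srckeystore "$APP_PATH/keystore.p12" -srcstoretype PKCS12 -srcstorepass:env PASSX \
  -alias aliasCertificate

# 3. Add the issuer chain as a trusted entry. -noprompt keeps the script
#    non-interactive if keytool would otherwise ask to confirm trust.
keytool -import -trustcacerts -noprompt -alias root \
  -file "$LETSENCRYPT_KEY_PATH/chain.pem" \
  -keystore "$APP_PATH/letsencrypt.jks" -storepass:env PASSX

# Hand the keystores to the application user and keep them private: both files
# contain the TLS private key.
chown currentuser:currentuser "$APP_PATH/keystore.p12" "$APP_PATH/letsencrypt.jks"
chmod 600 "$APP_PATH/keystore.p12" "$APP_PATH/letsencrypt.jks"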
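# IMPORTANT: You must run ./letsencrypt-auto inside the server where the application will be running.
# The --standalone authenticator binds its own listener for the challenge, so the
# application (and anything else on that port) must be stopped while the certificate is issued.
# Generate certificate files
./letsencrypt-auto certonly --standalone -d example.com
# Go to the directory where the certificates were generated. Let's Encrypt writes them into a
# per-domain subdirectory of /etc/letsencrypt/live; cert.pem, privkey.pem and chain.pem are not
# in /etc/letsencrypt/live itself, so the original "cd /etc/letsencrypt/live" left openssl
# unable to find them.
cd /etc/letsencrypt/live/example.com
# Create new letsencrypt.jks keystore.
# openssl prompts for an export password: use the same value as -srcstorepass below and as
# server.ssl.key-store-password in the application config.
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name tomcat -CAfile chain.pem -caname root
keytool -importkeystore -deststorepass password -destkeypass password -destkeystore letsencrypt.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass password -alias tomcat
# Prompts for the keystore password set by -deststorepass above.
keytool -import -trustcacerts -alias root -file chain.pem -keystore letsencrypt.jks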
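/**
 * Runs the embedded Tomcat on two connectors: the HTTPS connector Spring Boot
 * builds from {@code server.port} / {@code server.ssl.*}, plus an additional
 * plain-HTTP connector on {@code server.http.port} whose only purpose is to
 * redirect every request to the HTTPS port.
 */
@Configuration
public class MultiConnectionSupport {

    /** HTTPS port of Spring Boot's primary connector; also the redirect target. */
    @Value("${server.port}")
    private int serverPort;

    /** Plain-HTTP listener port; requests arriving here are redirected to HTTPS. */
    @Value("${server.http.port}")
    private int httpServerPort;

    /**
     * Tomcat factory with the extra HTTP connector attached.
     *
     * @return the container factory; its {@code postProcessContext} hook marks the
     *         whole context CONFIDENTIAL so HTTP requests are redirected to
     *         {@link #serverPort}
     */
    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        final TomcatEmbeddedServletContainerFactory tomcat = new RedirectTomcatEmbeddedServletContainerFactory();
        tomcat.addAdditionalTomcatConnectors(createHttpRedirectConnector());
        return tomcat;
    }

    /**
     * Builds the plain-HTTP connector. This connector is deliberately not secure
     * (scheme {@code http}, {@code secure=false}); it only carries the port to
     * redirect to. Renamed from {@code createSslConnector}, which misdescribed it.
     *
     * @return a non-TLS NIO connector listening on {@link #httpServerPort}
     */
    private Connector createHttpRedirectConnector() {
        final Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(httpServerPort);
        connector.setSecure(false);
        // Port Tomcat redirects to when a request on this connector hits a
        // CONFIDENTIAL security constraint.
        connector.setRedirectPort(serverPort);
        return connector;
    }

    /**
     * Tomcat factory that forces HTTPS for every path by adding a CONFIDENTIAL
     * security constraint covering {@code /*} to each context.
     */
    private static class RedirectTomcatEmbeddedServletContainerFactory extends TomcatEmbeddedServletContainerFactory {
        @Override
        protected void postProcessContext(Context context) {
            final SecurityConstraint securityConstraint = new SecurityConstraint();
            // CONFIDENTIAL: the request must arrive over a secure connector;
            // otherwise Tomcat redirects it to the connector's redirectPort.
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            final SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    }
}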