Last active
August 7, 2022 12:04
-
-
Save weiserr/f6b65f11182956c23bfbe08fbc084e94 to your computer and use it in GitHub Desktop.
Let's Encrypt on Ubuntu for Spring-Boot applications
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server: | |
| port: 8443 | |
| ssl: | |
| # this should match with the used ${DEST} | |
| key-store: file:./keystore.p12 | |
| key-store-password: password | |
| keyStoreType: PKCS12 | |
| keyAlias: tomcat |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Add the staging option (--staging) to certbot-auto if you wish to validate the procedure | |
| DEST=$1 | |
| DOMAIN=$2 | |
| EMAIL=$3 | |
| mkdir -p /opt/certbot | |
| wget https://dl.eff.org/certbot-auto -O /opt/certbot/certbot-auto | |
| chmod a+x /opt/certbot/certbot-auto | |
| /opt/certbot/certbot-auto certonly --debug --non-interactive --email ${EMAIL} --agree-tos --standalone -d ${DOMAIN} --keep-until-expiring | |
| openssl pkcs12 -export -in /etc/letsencrypt/live/${DOMAIN}/cert.pem -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem -out ${DEST} -name tomcat -CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root -passout pass:password |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Make sure to reboot the SpringBoot application | |
| DEST=$1 | |
| DOMAIN=$2 | |
| /opt/certbot/certbot-auto renew | |
| openssl pkcs12 -export -in /etc/letsencrypt/live/${DOMAIN}/cert.pem -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem -out ${DEST} -name tomcat -CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root -passout pass:password |
Hi @sebasira
1 - Yeah - this is independent of SpringBoot.
2 - If you use the certificate as shown above you might need to restart the app so it is able to pick up the new one. To avoid - you would have to check the SpringBoot man pages if there is some kind of refresh mechanismn (like @RefreshScope for configuration) when it comes SSL certs.
Cheers, Robert
Thanks for your reply! I'm testing this right now and let you know how it goes!
Thanks! It works great!
Thanks! i wrote something similar about a month ago and lost it, thanks for sharing! gonna test it tomorrow at work!
that is what I was looking for. Thanks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi Robert! Thanks for sharing Im trying to use SSL for the first time with my SpringBoot App.
I have some questions:
1- Is this procedure still valid to create a SSL certificate for a SpringBoot app?
2- To renew the certificate... Must I restart the Spring Boot app to get the new certificate right? Is there a way to avoid this?