Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] EFF certbot for https? 
Hi,

On Thu, Dec 5, 2019 at 10:57 PM Steve Sobol (Lobos Studios)
<steve@xxxxxxxxxxxxxxxx> wrote:
>
> How did you implement it, if I may ask?
>
> I’d like to automate everything: generation and update of the certs, update of the keystore, etc.

We use Ubuntu.
Ubuntu ships /etc/cron.d/certbot that attempts to renew the
certificate twice a day.
You drop a shell script into /etc/letsencrypt/renewal-hooks/ and it
will be run _only_ when the certificate needs renewal.
The script we have concats certificates and private key for HAProxy
(and restarts it);
then uses openssl and keytool to generate the Java keystore and restarts Jetty.

We don't generate, just renew, but I guess with some creativity you
can script anything you want.
I'm no expert, I just found enough online to make it work for our needs.

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.

Back to the top