Re: [jetty-users] EFF certbot for https?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] EFF certbot for https?

From: "Steve Sobol - Lobos Studios" <steve@xxxxxxxxxxxxxxxx>
Date: Thu, 5 Dec 2019 15:40:39 -0800
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
Thread-index: AQJlh67nbRqJPZMUiXUDjjF3kwTG9wIYJ0NYAwnGZiGmY2tdwA==

Oh. My plan is to fire up my Python IDE :) (certbot plugins are written in Python) and actually do all the legwork through the plugin.

I mean, I run IIS and Apache in addition to my custom embedded Jetty server (which I am going to eventually make public, I swear) and the IIS and Apache servers have their SSL certs renewed automatically - I do not need to do anything. That's what I want to do with my JEE websites.

And I don't use HAProxy. I have one of my Jetty servers sitting behind nginx, but I'm in the process of moving the one site it hosts to a newer server, and then that server's going away.

-----Original Message-----
From: jetty-users-bounces@xxxxxxxxxxx <jetty-users-bounces@xxxxxxxxxxx> On Behalf Of Simone Bordet
Sent: Thursday, December 05, 2019 15:33
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] EFF certbot for https?

Hi,

On Thu, Dec 5, 2019 at 10:57 PM Steve Sobol (Lobos Studios) <steve@xxxxxxxxxxxxxxxx> wrote:
>
> How did you implement it, if I may ask?
>
> I’d like to automate everything: generation and update of the certs, update of the keystore, etc.

We use Ubuntu.
Ubuntu ships /etc/cron.d/certbot that attempts to renew the certificate twice a day.
You drop a shell script into /etc/letsencrypt/renewal-hooks/ and it will be run _only_ when the certificate needs renewal.
The script we have concats certificates and private key for HAProxy (and restarts it); then uses openssl and keytool to generate the Java keystore and restarts Jetty.

We don't generate, just renew, but I guess with some creativity you can script anything you want.
I'm no expert, I just found enough online to make it work for our needs.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

References:
- Re: [jetty-users] EFF certbot for https?
  - From: Simone Bordet
- Re: [jetty-users] EFF certbot for https?
  - From: Steve Sobol (Lobos Studios)
- Re: [jetty-users] EFF certbot for https?
  - From: Simone Bordet

Prev by Date: Re: [jetty-users] EFF certbot for https?
Next by Date: Re: [jetty-users] EFF certbot for https?
Previous by thread: Re: [jetty-users] EFF certbot for https?
Next by thread: Re: [jetty-users] EFF certbot for https?
Index(es):
- Date
- Thread

Breadcrumbs