Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] EFF certbot for https?
We embed Jetty in our application and use certbot with a deploy hook to obtain certificates. e.g.
certbot certonly --webroot --deploy-hook "/opt/mango/bin/certbot-deploy.sh" -w "/opt/mango/web" -d yourdomain.com -d domain2.com

The script just uses openssl to generate a PKCS12 keystore and move it to our desired destination. We simply watch the keystore for changes then call org.eclipse.jetty.util.ssl.SslContextFactory.reload(Consumer<SslContextFactory>).


On Fri, Dec 6, 2019 at 3:14 AM John English <john.foreign@xxxxxxxxx> wrote:
On 05/12/2019 23:57, Steve Sobol (Lobos Studios) wrote:
> How did you implement it, if I may ask?
>
> I’d like to automate everything: generation and update of the certs, update of the keystore, etc.

Once thing to watch out for: it always wants to install updates to its
copy of Python, and by default that's owned by root... so check who ends
up owning it, or it can get messy.

--
John English
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users

Back to the top