[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] EFF certbot for https?
|
Hi,
On Thu, Dec 5, 2019 at 10:57 PM Steve Sobol (Lobos Studios)
<steve@xxxxxxxxxxxxxxxx> wrote:
>
> How did you implement it, if I may ask?
>
> I’d like to automate everything: generation and update of the certs, update of the keystore, etc.
We use Ubuntu.
Ubuntu ships /etc/cron.d/certbot that attempts to renew the
certificate twice a day.
You drop a shell script into /etc/letsencrypt/renewal-hooks/ and it
will be run _only_ when the certificate needs renewal.
The script we have concats certificates and private key for HAProxy
(and restarts it);
then uses openssl and keytool to generate the Java keystore and restarts Jetty.
We don't generate, just renew, but I guess with some creativity you
can script anything you want.
I'm no expert, I just found enough online to make it work for our needs.
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.