This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
ssl_tsl_certificates [2018/11/09 13:02] mstraub |
ssl_tsl_certificates [2018/11/09 13:41] (current) mstraub [Workflow when using WildFly] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== SSL/TSL Certificates ====== | ====== SSL/TSL Certificates ====== | ||
+ | |||
+ | When using HTTPS on your server you should most probably also provide a **valid** [[https://de.wikipedia.org/wiki/Transport_Layer_Security|TLS]] (aka SSL) certificate. Otherwise browsers tend to block access to your page or at least give a big warning that the page is not secure. | ||
===== Let's Encrypt ===== | ===== Let's Encrypt ===== | ||
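Review bot: The added introduction links "TLS" to the German Wikipedia article (''de.wikipedia.org'') although the page is written in English, and it spells the protocol "TLS" while the unchanged heading above still reads "SSL/TSL". Suggest linking the English article and correcting the heading (and, if possible, the page name ''ssl_tsl_certificates'') in the same edit. "You should most probably" could also be made firmer, since the next sentence already states the consequence of not having a valid certificate.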
Line 40: | Line 42: | ||
== Create Java Keystore == | == Create Java Keystore == | ||
- | Now we have to create a java keystore (.jks) for use with WildFly. Adapt the variables to match your use case: | + | Now we have to create a java keystore (.jks) for use with WildFly. Adapt the variables to match your use case, and note, that you should delete the lines containing passwords from your ''~/.bash_history'' (or equivalent): |
<code bash> | <code bash> | ||
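Review bot: Cleaning ''~/.bash_history'' after the fact, as the added clause in the + line advises, is easy to forget and incomplete. Bash normally writes the history file only when the shell exits, so the entries remain in the running session until then. A password passed to a tool as a command-line argument is also visible in the process list while the command runs. Suggest changing the snippet so the password never appears on a command line, for example by reading it with a silent prompt (''read -rs'') or letting the tools prompt for it, and keeping the history remark only as a fallback. Minor: drop the comma in "note, that".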
Line 88: | Line 90: | ||
</code> | </code> | ||
- | In case WildFly uses port 80/443 you have to shut it down now. | + | In case WildFly uses port 80/443 you have to shut it down now. Unfortunately you can not specify a different port for the validation, see ''%%certbot --help standalone%%'' (especially the option ''%%--tls-sni-01-port%%''), and https://github.com/certbot/certbot/issues/2697. |
Then renew the certificate (updates ''/etc/letsencrypt/live/${YOURDOMAIN}/fullchain.pem''): | Then renew the certificate (updates ''/etc/letsencrypt/live/${YOURDOMAIN}/fullchain.pem''): | ||
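Review bot: The added sentence in the + line says a different port cannot be specified and then points the reader at ''%%--tls-sni-01-port%%'', whose name suggests the opposite. Spell out why the option does not help: it only changes the port certbot listens on locally, while the validation request still arrives on the standard port, so it is useful only behind a port forward. Without that explanation readers will try the option and conclude the page is wrong. Minor: "can not" should be "cannot", and the bare issue URL could use the ''%%[[url|text]]%%'' link syntax that the introduction hunk uses.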
Line 97: | Line 99: | ||
Then repeat the steps for creating a new java keystore. | Then repeat the steps for creating a new java keystore. | ||
- | |||
- | FIXME as of 2018-08 shutting down may not be necessary anymore, see ''%%certbot --help standalone%%'' and the option ''%%--tls-sni-01-port%%''. See also https://github.com/certbot/certbot/issues/2697 |
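Review bot: Removing the FIXME also drops its "as of 2018-08" qualifier, and the sentence that replaces it in the "Line 88" hunk states the port limitation without any date or certbot version. Suggest carrying a date or version over into the new sentence, since the statement depends on certbot behaviour that the linked issue shows is under discussion.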