ssl_tsl_certificates
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
ssl_tsl_certificates [2018/11/09 13:03] mstraub [Let's Encrypt] |
ssl_tsl_certificates [2018/11/09 13:41] (current) mstraub [Workflow when using WildFly] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== SSL/TSL Certificates ====== | ====== SSL/TSL Certificates ====== | ||
| - | When using HTTPS on your server you should most probably also provide a *valid* [[https://de.wikipedia.org/wiki/Transport_Layer_Security|TLS]] (aka SSL) certificate. Otherwise browsers tend to block access to your page or at least give a big warning that the page is not secure. | + | When using HTTPS on your server you should most probably also provide a **valid** [[https://de.wikipedia.org/wiki/Transport_Layer_Security|TLS]] (aka SSL) certificate. Otherwise browsers tend to block access to your page or at least give a big warning that the page is not secure. |
| ===== Let's Encrypt ===== | ===== Let's Encrypt ===== | ||
| Line 42: | Line 42: | ||
| == Create Java Keystore == | == Create Java Keystore == | ||
| - | Now we have to create a java keystore (.jks) for use with WildFly. Adapt the variables to match your use case: | + | Now we have to create a java keystore (.jks) for use with WildFly. Adapt the variables to match your use case, and note, that you should delete the lines containing passwords from your ''~/.bash_history'' (or equivalent): |
| <code bash> | <code bash> | ||
| Line 90: | Line 90: | ||
| </code> | </code> | ||
| - | In case WildFly uses port 80/443 you have to shut it down now. | + | In case WildFly uses port 80/443 you have to shut it down now. Unfortunately you can not specify a different port for the validation, see ''%%certbot --help standalone%%'' (especially the option ''%%--tls-sni-01-port%%''), and https://github.com/certbot/certbot/issues/2697. |
| Then renew the certificate (updates ''/etc/letsencrypt/live/${YOURDOMAIN}/fullchain.pem''): | Then renew the certificate (updates ''/etc/letsencrypt/live/${YOURDOMAIN}/fullchain.pem''): | ||
| Line 99: | Line 99: | ||
| Then repeat the steps for creating a new java keystore. | Then repeat the steps for creating a new java keystore. | ||
| - | |||
| - | FIXME as of 2018-08 shutting down may not be necessary anymore, see ''%%certbot --help standalone%%'' and the option ''%%--tls-sni-01-port%%''. See also https://github.com/certbot/certbot/issues/2697 | ||
ssl_tsl_certificates.1541765034.txt.gz ยท Last modified: 2018/11/09 13:03 by mstraub
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
