Installing letsrcrypt certificate in grails.
assumptions:
domain name: app.example.com
password : supersecret
linux app user account : appuser
Use this URL to generate command for your site:
Step 1.
Renew certificate using this command.
#certbot certonly
(choose to renew option 1)
It will create two file:
/etc/letsencrypt/live/app.example.com/fullchain.pem
and
/etc/letsencrypt/live/app.example.com/privkey.pem
Step 2.
Combine cert and private key using this command.
#mkdir -p /home/appuser/etc/app.example.com
#openssl pkcs12 -export -in /etc/letsencrypt/live/app.example.com/fullchain.pem -inkey /etc/letsencrypt/live/app.example.com/privkey.pem -out /home/appuser/etc/app.example.com/app.example.com.cert.p12 -name app.example.com
<
as password>> assumptions:
domain name: app.example.com
password : supersecret
linux app user account : appuser
Use this URL to generate command for your site:
As root:
=============================================Step 1.
Renew certificate using this command.
#certbot certonly
(choose to renew option 1)
It will create two file:
/etc/letsencrypt/live/app.example.com/fullchain.pem
and
/etc/letsencrypt/live/app.example.com/privkey.pem
Step 2.
Combine cert and private key using this command.
#mkdir -p /home/appuser/etc/app.example.com
#openssl pkcs12 -export -in /etc/letsencrypt/live/app.example.com/fullchain.pem -inkey /etc/letsencrypt/live/app.example.com/privkey.pem -out /home/appuser/etc/app.example.com/app.example.com.cert.p12 -name app.example.com
<
#chown -R appuser.appuser /home/appuser/etc/app.example.com
As app user:
=============================================Step 3.
Convert p12 file into jks file using this command. Change supersecret to something that is really kept super secret.
$keytool -importkeystore -deststorepass supersecret -destkeypass supersecret -destkeystore /home/appuser/etc/app.example.com/app.example.com.cert.jks -srckeystore /home/appuser/etc/app.example.com/app.example.com.cert.p12 -srcstorepass secret -srcstoretype PKCS12 -alias app.example.com
$rm /home/appuser/etc/app.example.com/app.example.com.cert.p12
Step 4.
Now pass these arguments to grails .
$./grailsw \
-Dserver.address=0.0.0.0 \
-Dserver.port=8443 \
-Dserver.ssl.enabled=true \
-Dserver.ssl.key-store-password=supersecret \
-Dserver.ssl.key-store=/home/appuser/etc/app.example.com/app.example.com.cert.jks \
-Dserver.ssl.key-alias=app.example.com \
prod run-app
The form below hosted at https://jsfiddle.net/a2bfxdeq/2 generates command for you.
No comments:
Post a Comment