Oh. My plan is to fire up my Python IDE :) (certbot plugins are written in Python) and actually do all the legwork through the plugin.
I mean, I run IIS and Apache in addition to my custom embedded Jetty server (which I am going to eventually make public, I swear) and the IIS and Apache servers have their SSL certs renewed automatically - I do not need to do anything. That's what I want to do with my JEE websites. And I don't use HAProxy. I have one of my Jetty servers sitting behind nginx, but I'm in the process of moving the one site it hosts to a newer server, and then that server's going away. -----Original Message----- From: [email protected] <[email protected]> On Behalf Of Simone Bordet Sent: Thursday, December 05, 2019 15:33 To: JETTY user mailing list <[email protected]> Subject: Re: [jetty-users] EFF certbot for https? Hi, On Thu, Dec 5, 2019 at 10:57 PM Steve Sobol (Lobos Studios) <[email protected]> wrote: > > How did you implement it, if I may ask? > > I’d like to automate everything: generation and update of the certs, update > of the keystore, etc. We use Ubuntu. Ubuntu ships /etc/cron.d/certbot that attempts to renew the certificate twice a day. You drop a shell script into /etc/letsencrypt/renewal-hooks/ and it will be run _only_ when the certificate needs renewal. The script we have concats certificates and private key for HAProxy (and restarts it); then uses openssl and keytool to generate the Java keystore and restarts Jetty. We don't generate, just renew, but I guess with some creativity you can script anything you want. I'm no expert, I just found enough online to make it work for our needs. -- Simone Bordet ---- http://cometd.org http://webtide.com Developer advice, training, services and support from the Jetty & CometD experts. _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
