We embed Jetty in our application and use certbot with a deploy hook to obtain certificates. e.g.

    certbot certonly --webroot --deploy-hook "/opt/mango/bin/certbot-deploy.sh" -w "/opt/mango/web" -d yourdomain.com -d domain2.com

The script <https://github.com/infiniteautomation/ma-core-public/blob/main/Core/scripts/certbot-deploy.sh> just uses openssl to generate a PKCS12 keystore and move it to our desired destination.

We simply watch the keystore for changes then call org.eclipse.jetty.util.ssl.SslContextFactory.reload(Consumer<SslContextFactory>).

On Fri, Dec 6, 2019 at 3:14 AM John English <[email protected]> wrote:

> On 05/12/2019 23:57, Steve Sobol (Lobos Studios) wrote:
> > How did you implement it, if I may ask?
> >
> > I’d like to automate everything: generation and update of the certs,
> > update of the keystore, etc.
>
> One thing to watch out for: it always wants to install updates to its
> copy of Python, and by default that's owned by root... so check who ends
> up owning it, or it can get messy.
>
> --
> John English
> _______________________________________________
> jetty-users mailing list
> [email protected]
> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> https://www.eclipse.org/mailman/listinfo/jetty-users
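The watch-and-reload step described at the top of this message, as an added example that is not part of the original post and not the project's own code. The class name `KeystoreReloader`, the two-second settle delay and the logging are assumptions; it needs Jetty on the classpath and takes the `SslContextFactory` already wired into the connector.

```java
import static java.nio.file.StandardWatchEventKinds.ENTRY_CREATE;
import static java.nio.file.StandardWatchEventKinds.ENTRY_MODIFY;
import java.io.IOException;
import java.nio.file.*;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/** Hypothetical helper: reloads Jetty's TLS context when the keystore file is replaced. */
public final class KeystoreReloader implements Runnable {
    private final Path keystore;              // where the deploy hook puts the PKCS12 file (assumed)
    private final SslContextFactory factory;  // the factory the HTTPS connector already uses

    public KeystoreReloader(Path keystore, SslContextFactory factory) {
        this.keystore = keystore.toAbsolutePath();
        this.factory = factory;
    }

    @Override
    public void run() {
        Path dir = keystore.getParent();
        try (WatchService watcher = dir.getFileSystem().newWatchService()) {
            // Watch the directory: a file moved into place is reported as ENTRY_CREATE
            dir.register(watcher, ENTRY_CREATE, ENTRY_MODIFY);
            while (true) {
                WatchKey key = watcher.take();
                Thread.sleep(2000); // let the hook finish writing; coalesces bursts of events
                boolean changed = false;
                for (WatchEvent<?> event : key.pollEvents()) {
                    // OVERFLOW has a null context: events were lost, so reload to be safe
                    changed |= event.context() == null || keystore.getFileName().equals(event.context());
                }
                if (changed) reload();
                if (!key.reset()) return; // directory no longer accessible
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt(); // normal shutdown path
        } catch (IOException e) {
            throw new IllegalStateException("cannot watch " + dir, e);
        }
    }

    private void reload() {
        try {
            // Same path, new contents: reload() re-reads the keystore and rebuilds the SSLContext
            factory.reload(f -> f.setKeyStorePath(keystore.toUri().toString()));
        } catch (Exception e) {
            // reload() throws if the keystore cannot be read; surface it so a bad renewal is noticed
            System.err.println("keystore reload failed: " + e);
        }
    }
}
```

Run it on a daemon thread after the server starts. Having the hook write the keystore to a temporary file in the same directory and rename it into place means the watcher never sees a half-written file.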
