I'm new to securing a server, so I don't really know much about this, but I need to get my Spring Boot application that is running on a DigitalOcean Droplet to use HTTPS.
My idea is to register a Let's Encrypt certificate and then tell Spring to use that.
However, I have no idea how to do that.
Thanks.
I wrote 2 blog posts about Let's Encrypt and Spring Boot.
In a nutshell, steps are as follows:
1. Pulling the Let's Encrypt client (certbot).
2. Generating a certificate for your domain (e.g. example.com):

```
./certbot-auto certonly -a standalone -d example.com -d www.example.com
```

3. Things are generated in `/etc/letsencrypt/live/example.com`. Spring Boot expects a PKCS#12 formatted file. It means that you must convert the keys to a PKCS#12 keystore (e.g. using OpenSSL), as follows, in the `/etc/letsencrypt/live/example.com` directory:

```
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root
```

The file keystore.p12 with PKCS12 is now generated in `/etc/letsencrypt/live/example.com`.
It's time to configure your Spring Boot application. Open the application.properties file and put the following properties there:

```
server.port=8443
security.require-ssl=true
server.ssl.key-store=/etc/letsencrypt/live/example.com/keystore.p12
server.ssl.key-store-password=<your-password>
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
```
Read my blog post for further details and remarks.
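One way to script the PKCS#12 conversion step above so the keystore password stays off the command line and the keystore ends up readable by its owner only. This is an added example, not code from the answer or its blog posts: the function names and the `KEYSTORE_PASSWORD` variable are assumptions, and `make_sample_pems` builds a constructed self-signed stand-in for the files under `/etc/letsencrypt/live/example.com`.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): rebuild keystore.p12 from the PEM files.

# build_keystore LIVE_DIR OUT_FILE
# The password is read from the KEYSTORE_PASSWORD environment variable, so it
# never appears in the process list or in shell history.
build_keystore() {
    local live_dir="$1" out="$2" tmp
    [ -n "${KEYSTORE_PASSWORD:-}" ] || { echo "KEYSTORE_PASSWORD not set" >&2; return 1; }
    [ -r "$live_dir/fullchain.pem" ] && [ -r "$live_dir/privkey.pem" ] || {
        echo "missing PEM files in $live_dir" >&2; return 1; }
    # mktemp creates the file with mode 0600 before any key material is written
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if openssl pkcs12 -export \
            -in "$live_dir/fullchain.pem" -inkey "$live_dir/privkey.pem" \
            -name tomcat -passout env:KEYSTORE_PASSWORD -out "$tmp"; then
        # replace the old keystore in one step so the app never sees a partial file
        chmod 600 "$tmp" && mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# check_keystore FILE: succeeds only if FILE opens with KEYSTORE_PASSWORD
check_keystore() {
    openssl pkcs12 -in "$1" -passin env:KEYSTORE_PASSWORD -nokeys >/dev/null 2>&1
}

# make_sample_pems DIR: constructed self-signed certificate and key, standing in
# for the fullchain.pem and privkey.pem that certbot writes
make_sample_pems() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.com" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}
```

Let's Encrypt certificates expire after 90 days, so `build_keystore` has to run again after each renewal, and the application must reload or restart to pick up the new keystore.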