DEV Community

gie3d

Renew letsencrypt cert and import to Spring project

Renew cert
certbot renew

Or if you want to force renew
certbot renew --force-renew

[root@server ~]# certbot renew --force-renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/yourdomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for yourdomain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
  /etc/letsencrypt/live/yourdomain.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Go to /etc/letsencrypt/live/yourdomain.com
  • Convert the keys to PKCS12 using OpenSSL
$ openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root
  • Enter your password for the key. The file keystore.p12, in PKCS12 format, is now generated in /etc/letsencrypt/live/yourdomain.com.

Make sure server.ssl.key-store in your Spring configuration points to the location where the .p12 keystore was created.

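# HTTPS port for the embedded server
server.port=8443
security.require-ssl=true
# Keystore generated by the openssl step above
server.ssl.key-store=/etc/letsencrypt/live/yourdomain.com/keystore.p12
server.ssl.key-store-password=<your-password>
server.ssl.key-store-type=PKCS12
# Must match the -name value passed to openssl pkcs12
server.ssl.key-alias=tomcat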
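Every renewal replaces fullchain.pem and privkey.pem, so the PKCS12 conversion has to be repeated each time. The script below is an added example, not part of the original post: a certbot deploy hook that reruns the openssl step non-interactively and keeps the keystore readable by its owner only. The function name `build_keystore` and the password file path `/etc/letsencrypt/keystore.pass` are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook that rebuilds keystore.p12 after a renewal.
# Assumed names (not from the original post): build_keystore, KEYSTORE_PASS_FILE.
set -eu

# File containing the keystore password on its first line (assumed path).
# Keep it root-owned with mode 600 so the password never appears in argv.
KEYSTORE_PASS_FILE="${KEYSTORE_PASS_FILE:-/etc/letsencrypt/keystore.pass}"

# build_keystore <live-dir>: convert the PEM files in <live-dir> to keystore.p12
build_keystore() {
    live_dir=$1
    out="$live_dir/keystore.p12"

    # Refuse to run on an incomplete lineage instead of producing a bad keystore.
    for f in fullchain.pem privkey.pem chain.pem; do
        [ -r "$live_dir/$f" ] || { echo "missing $live_dir/$f" >&2; return 1; }
    done
    [ -r "$KEYSTORE_PASS_FILE" ] || { echo "missing $KEYSTORE_PASS_FILE" >&2; return 1; }

    # mktemp creates the file with mode 600; writing there and renaming means
    # the keystore (which contains the private key) is never world-readable
    # and the application never sees a half-written file.
    tmp=$(mktemp "$live_dir/keystore.p12.XXXXXX")

    # Same conversion as in the post, with the password read from a file.
    if openssl pkcs12 -export \
            -in "$live_dir/fullchain.pem" -inkey "$live_dir/privkey.pem" \
            -CAfile "$live_dir/chain.pem" -caname root -name tomcat \
            -out "$tmp" -passout "file:$KEYSTORE_PASS_FILE"; then
        mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        echo "openssl pkcs12 export failed for $live_dir" >&2
        return 1
    fi
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/yourdomain.com)
# when it runs a deploy hook; do nothing if the script is merely sourced.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_keystore "$RENEWED_LINEAGE"
fi
```

Place the script in /etc/letsencrypt/renewal-hooks/deploy/ or pass it with `certbot renew --deploy-hook`. The value in the password file must match server.ssl.key-store-password.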