A script to simplify the installation and maintenance of Let’s Eencrypt certificates in Glassfish and Payara web servers.
This script is intended to simplify the installation of a Let’s Encrypt certificate in a glassfish/payara server and provide an automated way of renewing that certificate when it is about to expire.
There exists a significant amount of documentation on the web which addresses this problem but I have found much of it to be ambiguous and incomplete. This is an attempt to remove that ambiguity and incompleteness by giving a real world working example which can be modified to suit a particular situation.
What I’ve done is broken the process of obtaining a Let’s Encrypt certificate into the following steps, not all of which will be necessary:
- Customize the script to the particular local installation
- List of domains for which a certificate is to be created
- Glassfish/Payara setup (where they’re located in your filesystem)
- Password for Glassfish/Payara
- Change Glassfish/Payara to listen on ports 80 and 443
- Generate the Let’s Encrypt certification keys
- Insure that the keystore password matches that of the server
- Create a keystore
- Import the created keystore into the Glassfish/Payara keystore
- Apply the new certificate to the https listener
- Update the domain SSL information
- Set (if necessary) the server admin password.
- Set up the https domain
Additionally, the script can be invoked periodically (typically via ‘cron’) to check to see if any domains need to be renewed and if so, renew them automatically.
I have used this script to create a new certificate for three domains in less than 5 minutes. I have used this script to automatically renew three domains via a cron job.
See: https://github.com/hbrednek/letsencrypt_glassfish for the script.