Dear all,
I’m trying to use the client to create the certificate for an application, Java with embedded Jetty, deployed in Amazon AWS.
I’ve been accepted for the beta testing and I tried to generate the certificate in every way described, but the result is always the same: Error: The client lacks sufficient authorization
The application is running on port 8443, and aptitude is forwarding all the requests from 443 to 8443, which is serving the responses and is using a self-signed certificate at the moment.
From your description it sounds like you’re currently not using port 80, in which case you could use the standalone plugin. In order to verify ownership of your domain you need to serve a file under http://example.com/.well-known/acme-challenge/{random_token}. Standalone mode will spawn a web server and listen on port 80 to answer the challenge for you. Make sure your AWS security policy (or any other firewall) allows access to port 80.
If that doesn’t solve your problem, please add -v to your commands and include the full output and any log files in /var/log/letsencrypt
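The reachability check described in the reply above, as an added example that is not part of the original thread: it publishes a challenge file under /.well-known/acme-challenge/ the way a standalone responder would, then fetches it over HTTP as the CA does. The function names, the loopback address and the token value are constructed for illustration; against a real host you would call check_challenge with the public http:// URL on port 80, from a machine outside the firewall.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def serve_challenge(webroot, token, body, port=0):
    """Write the challenge file under webroot and serve it (port=0: any free port)."""
    d = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(d, exist_ok=True)
    with open(os.path.join(d, token), "w") as f:
        f.write(body)
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", port), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def check_challenge(base_url, token, expected, timeout=5):
    """Fetch the challenge URL as the CA would; return (ok, reason)."""
    url = base_url.rstrip("/") + CHALLENGE_PATH + token
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            got = r.read().decode().strip()
    except urllib.error.HTTPError as e:          # server answered, but not with the file
        return False, f"HTTP {e.code}"
    except (urllib.error.URLError, OSError) as e:  # closed port, firewall, DNS failure
        return False, f"unreachable: {e}"
    return (True, "ok") if got == expected else (False, "body mismatch")

def self_test():
    """Exercise the three outcomes: file served, file missing, port closed."""
    token = secrets.token_urlsafe(16)            # constructed token
    body = token + ".constructed-thumbprint"     # constructed stand-in for the key authorization
    with tempfile.TemporaryDirectory() as root:
        srv = serve_challenge(root, token, body)
        base = f"http://127.0.0.1:{srv.server_address[1]}"
        good = check_challenge(base, token, body)
        missing = check_challenge(base, "no-such-token", body)
        srv.shutdown()
        srv.server_close()                       # simulate a closed port 80
        closed = check_challenge(base, token, body, timeout=2)
    return good, missing, closed

if __name__ == "__main__":
    print(self_test())
```

An "unreachable" result from outside the network while the same check passes on the host itself points at a firewall or security-group rule rather than at the client.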
Hi pfg,
Thanks for the reply and the tip; port 80 was actually closed in the Amazon firewall.
The certificate has been generated; the issue is that it looks like Spring Boot (Jetty) doesn’t like it: it assumes a .jks extension instead of .pem (like the one just generated).
Is that the only format available for the certificate?
I don't think the client can be convinced to generate .jks files directly at the moment. I found the following post where someone managed to get it running with tomcat, which seems to use the same format:
Hi pfg,
Thanks for the link, it actually works. I added the certificate, and inspecting it from the browser I can see that it is certified by Let’s Encrypt.
I was expecting that the browser wouldn’t complain about the certificate, saying the connection is not private, but it looks like it does (I’m on Chrome).