Hi everyone,
four years ago I made a way to configure Tomcat/Tomcat Native/Letsencrypt.
I’ve used that configuration for several servers and documented it publicly in this tutorial: https://mladenadamovic.wordpress.com/2016/09/06/configure-tomcat-with-ssl-on-ubuntu-minimal/
However, recently I started to receive the email that I should upgrade to ACMEv2.
I’ve installed Certbot from https://certbot.eff.org/lets-encrypt/ubuntuxenial-other
and updated my script to use certbot.
I thought that I should migrate my RedirectToHttpsWithAcme class (as described in the tutorial) to ACMEv2
I was reading documentation of ACME4J at https://shredzone.org/maven/acme4j/index.html
But it looked very complicated!
And I decided to try dry-run what happens when I run certbot:
certbot --dry-run certonly --webroot --webroot-path /tmp/letsencrypt/public_html -d online-utility.org -d www.online-utility.org -d ww2.online-utility.org -d new.online-utility.org --agree-tos --email mladen.adamovic@gmail.com
To my surprise, I didn’t see any error message, and it looks like it now uses ACMEv2, as I’ve seen in the logs:
https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/finalize/313560/73238149 HTTP/1.1" 200 905
Is this right? Does this line from the log suggest that it’s using ACMEv2?
If that is correct, it seems that with ACMEv2 I can continue to use the RedirectToHttpsWithAcme class as described in my tutorial:
(for the reference, this is that class):
import commons.FilesOperations;
import commons.UsualHtmlUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
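/**
 * Plain-HTTP servlet that serves Let's Encrypt HTTP-01 challenge files from the certbot
 * webroot and answers every other request with a permanent redirect to the same URL over
 * HTTPS.
 *
 * @author mladen
 */
@WebServlet(name = "RedirectToHttpsWithAcme", urlPatterns = {"/*", "/"})
public class RedirectToHttpsWithAcme extends HttpServlet {

    /**
     * Directory the challenge files are read from; it matches the {@code --webroot-path}
     * passed to certbot plus the standard {@code .well-known/acme-challenge/} suffix.
     */
    // NOTE(review): this lives under /tmp, which is normally world-writable. Confirm the
    // directory is created with ownership and permissions that stop other local users from
    // planting files here, or move the webroot to a dedicated directory.
    private static final String CHALLENGE_DIR =
            "/tmp/letsencrypt/public_html/.well-known/acme-challenge/";

    /**
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     *
     * <p>URLs containing {@code .well-known/acme-challenge/} are answered with the matching
     * challenge file; everything else is redirected to HTTPS.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if the challenge file is missing, the token is malformed, or
     *     the request URL has no {@code //} separator
     * @throws IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String requestUrl = request.getRequestURL().toString();
        if (requestUrl.contains(".well-known/acme-challenge/")) {
            serveChallenge(requestUrl, response);
        } else {
            redirectToHttps(request, requestUrl, response);
        }
    }

    /** Streams the challenge file named by the last path segment of {@code requestUrl}. */
    private void serveChallenge(String requestUrl, HttpServletResponse response)
            throws ServletException, IOException {
        String filename = requestUrl.substring(requestUrl.lastIndexOf('/') + 1);
        File challengeFile = new File(CHALLENGE_DIR + filename);
        // ACME tokens use only the base64url alphabet. Rejecting anything else keeps names
        // such as ".." or ones containing a backslash from ever reaching the file system,
        // and isFile() refuses directories that exists() would have accepted.
        if (!filename.matches("[A-Za-z0-9_-]+") || !challengeFile.isFile()) {
            throw new ServletException("invalid requestUrl " + requestUrl);
        }
        response.setContentType("text/plain");
        // try-with-resources: the original never closed this stream, leaking a file
        // descriptor on every challenge request.
        try (FileInputStream in = new FileInputStream(challengeFile)) {
            FilesOperations.inputStreamToOutputStream(in, response.getOutputStream());
        }
    }

    /** Sends a 301 pointing at the request URL with its scheme replaced by {@code https}. */
    private void redirectToHttps(HttpServletRequest request, String requestUrl,
            HttpServletResponse response) throws ServletException, IOException {
        int schemeEnd = requestUrl.indexOf("//");
        if (schemeEnd <= 0) {
            throw new ServletException("invalid requestUrl " + requestUrl);
        }
        // NOTE(review): the host part comes from getRequestURL(), which the container
        // normally derives from the client-supplied Host header. Consider checking it
        // against the host names this server is expected to serve before echoing it into
        // Location.
        String redirectUrl = "https:" + requestUrl.substring(schemeEnd);
        String queryString = request.getQueryString();
        if (queryString != null && queryString.length() > 0) {
            // NOTE(review): getQueryString() is not decoded by the container; confirm that
            // UsualHtmlUtils.encodeURL does not double-encode it.
            redirectUrl += "?" + UsualHtmlUtils.encodeURL(queryString);
        }
        response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
        response.setHeader("Location", redirectUrl);
    }

    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
    /**
     * Handles the HTTP <code>GET</code> method.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Handles the HTTP <code>POST</code> method.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws ServletException if a servlet-specific error occurs
     * @throws IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Returns a short description of the servlet.
     *
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>
}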