Renewing certificate and .jks

lorenzodinelli · April 8, 2021, 1:23pm

Hi everyone. I have my certificate generated with Let's encrypt and it expires on 19April.

I used .pem and .crt to generate my .jks, but my .jks want renew
After a lot attempts I try to create new certificate but after sometimes it say "There were too many requests of a given type :: Error creating new order :: too many certificates already issued for exact set of domains".

How can I solve it? I have to renew .jks for my java server!!

JuergenAuer · April 8, 2021, 1:58pm

Hi @lorenzodinelli

so you have done something wrong, generating or installing the jks file from the new pem files.

If the problem is the jks generation, please explain: Why do you then create a new certificate?

That's completely useless and a waste of Letsencrypt certificates.

Create one certificate, then convert it to your jks and install it, then use it 60 - 85 days.

If the second and the third step doesn't work, repeating the first step is wrong.

So check your documentation how to create a correct jks and how to install it.

lorenzodinelli · April 8, 2021, 2:18pm

I have the .pem how can convert it to jks? If .pem extension is not correct how can I create a new one and later convert it to jks?

lorenzodinelli · April 8, 2021, 2:19pm

I have already a jks that expire 19Apr, how can in alternative renew it? Thanks a lot

JuergenAuer · April 8, 2021, 2:25pm

I don't know.

It's your system, you have already created that older jks.

So you know what you have done. Do that again. May be with OpenSsl, may be with another tool.

Your system is a complete black box.

schoen · April 8, 2021, 7:21pm

@lorenzodinelli it's true that you can convert your PEM files to a JKS file and you don't need to obtain additional certificates (nor will obtaining additional certificates help solve your problem).

There are a number of prior threads on this forum about how to use OpenSSL to convert PEM files to JKS format.

https://community.letsencrypt.org/search?q=jks%20openssl

https://community.letsencrypt.org/search?q=jks%20pkcs12

I hope one of them can help you.

If you find an appropriate command, you can put it into a shell script and then specify it to Certbot with the --deploy-hook option. In that case, Certbot would automatically run your script whenever the certificate is successfully renewed, which can help make this process more automatic so you won't have to do this step manually in the future.

system · May 8, 2021, 7:21pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.