I have created a project in Spring Boot 2. I will be using Linux as the server and Docker to build all the services. Right now I use an unsigned certificate, created with keytool, which I load into my project like this:
With the above configuration I can see the website by typing https://ip.server. Is it possible to create a KeyStore.jks file with your signature? I would like to type https://ip.server and see the Let's Encrypt certification. I haven't bought a domain name yet because I don't know how to do it but I'm trying to figure out how. To get the certificate, do I first have to purchase a domain name or is a static IP sufficient?
If I change IP because I change instance, do I have to recreate the certificate?
I need a step by step guide explaining how to add signed https on my project because I'm not a developer but a tech enthusiast.
Thank you
Let's Encrypt currently does not provide certificates for IP addresses and unfortunately plans for this have been shelved. It's uncertain if and/or when Let's Encrypt will provide certs for IP addresses.
Also unfortunately, there was a free Chinese CA offering certs for IP addresses (pki.plus), but that CA is somehow gone. No clue how/where/what, though.
There are some possibilities to get a free domain name such as Free and paid domains though.
Not if you have a certificate for a hostname (which is most likely the only possibility anyway). The browser and/or certificate couldn't care less which IP address that hostname resolves to.
I'm afraid I personally can't provide that, as I'm not familiar with Spring Boot 2 at all.
I have added a domain name and a self-signed certificate to my site and everything works fine. If you explain to me how to add your certificate to Spring Boot 2.7.0, I will be happy to replace it. As a web server I use Tomcat 9 but on Docker Compose I don't have an explicit service because with Spring Boot 2 I produced a .jar file with an embedded version of Tomcat. My Docker configuration is as follows:
FROM openjdk:11.0.15-jre-slim
EXPOSE 8443
WORKDIR /appfolder
CMD ["java", "-jar", "/appfolder/myapp.jar"]
On Docker I also have PostgreSQL on port 5432 and pgAdmin on port 80. If I have to change the port of pgAdmin it's not a problem. I'd like to reach pgAdmin with https and letsencrypt too if possible.
Thank you
Hi @federico.galimberti I got your DM. If you look at similar "spring boot docker let's encrypt" guides you'll find that you first need to get your certificate from Let's Encrypt (generally using certbot, it depends what your host OS is), then apply it to your app configuration within docker:
You would likely use certbot (the guide is old and mentions certbot-auto which I don't think is still a thing).
If your domain is pointing to your host machine then you can use http validation to provide domain control to Let's Encrypt, if not you can try to use DNS validation instead.
ubuntu@webserver:~$ sudo certbot certonly --standalone -d nomeadominio.qualcosa
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for nomeadominio.qualcosa
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: nomeadominio.qualcosa
Type: dns
Detail: no valid A records found for nomeadominio.qualcosa; no valid AAAA records found for nomeadominio.qualcosa
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My site is a free domain open on freenom. I edited the error code because I don't want to leave a trace of the domain name I am using on the forum.
The translation into English is a 'domainname.something'.
I use port 80 for pgAdmin. However now I have removed all Docker containers. I am trying to install Let's Encrypt from an OS with no container running.
ubuntu@webserver:~$ sudo certbot certonly --standalone -d mydomain.tk -d www.mydomain.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mydomain.tk and www.mydomain.tk
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: mydomain.tk
Type: connection
Detail: ###.###.###.###: Fetching http://mydomain.tk/.well-known/acme-challenge/__L...0: Error getting validation data
Domain: www.mydomain.tk
Type: connection
Detail: ###.###.###.###: Fetching http://www.mydomain.tk/.well-known/acme-challenge/k...4: Error getting validation data
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
You are using the standalone option so that certbot runs a temporary webserver on port 80 in order to serve the challenge response. To do this you first need to ensure that you have stopped any other webserver that may be using port 80.
Thanks for the tip but I already knew about it. I deleted all Docker containers before making these attempts. I solved everything. The problem was the Oracle Cloud requiring additional configurations. This Cloud works differently from the others I have tried. Now I move on to converting all the certificates and everything else.
@rg305, I found your code on the forum: openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12
The problem is that with your code I don't know what to write after server.ssl.keyAlias in Spring Boot.
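Added example (not code from the thread or from anyone in it): the openssl conversion quoted above, extended with an explicit -name so the PKCS12 entry gets a known alias, a check that reads the alias back out of the keystore, and the matching Spring Boot properties. The alias "springboot", the password "changeit", the file names and the use of a throwaway self-signed certificate in place of the real fullchain.pem/privkey.pem are assumptions so that it runs offline.

```shell
#!/bin/sh
# Convert certbot's fullchain.pem + privkey.pem into a PKCS12 keystore whose
# entry carries an explicit alias. Spring Boot's server.ssl.key-alias must
# match the alias given here (assumed name: "springboot").
set -eu

# make_keystore FULLCHAIN PRIVKEY OUT_P12 ALIAS PASSWORD
make_keystore() {
    openssl pkcs12 -export \
        -in "$1" -inkey "$2" \
        -out "$3" \
        -name "$4" \
        -passout "pass:$5"
}

# keystore_alias P12 PASSWORD -> prints the friendlyName (alias) of the entry,
# or nothing if the keystore has no named entry.
keystore_alias() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
        | sed -n 's/^ *friendlyName: *//p' | head -n 1
}

# spring_ssl_properties P12_PATH PASSWORD ALIAS -> application.properties lines
# that point the embedded Tomcat at the keystore (port 8443 as in the thread).
spring_ssl_properties() {
    printf 'server.port=8443\n'
    printf 'server.ssl.key-store=%s\n' "$1"
    printf 'server.ssl.key-store-type=PKCS12\n'
    printf 'server.ssl.key-store-password=%s\n' "$2"
    printf 'server.ssl.key-alias=%s\n' "$3"
}

# demo: constructed throwaway self-signed cert stands in for the Let's Encrypt
# files (assumption, so the script runs without a real certificate); prints
# the alias read back from the generated keystore.
demo() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=mydomain.tk" \
        -keyout "$d/privkey.pem" -out "$d/fullchain.pem" -days 1 >/dev/null 2>&1
    make_keystore "$d/fullchain.pem" "$d/privkey.pem" "$d/keystore.p12" springboot changeit
    found=$(keystore_alias "$d/keystore.p12" changeit)
    rm -rf "$d"
    printf '%s\n' "$found"
}
```

If keystore_alias prints nothing, the keystore was built without -name and Spring Boot will fail to find the entry named in server.ssl.key-alias.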
I managed to create the certificate with Linux and import it into Docker where there is a container with Spring Boot and Tomcat embedded.
Now I need to add a nginx, apache or something similar and set up a reverse proxy.