the process with LetsEncrypt will be similar
Yes. The tricky part is using Apache on Linux to receive your LetsEncrypt key files for your domain (it needs port 80/443) and NO B4J webapps running. You then receive 2 .pem files that you have to convert to a keystore file.
Short story (I'll make a more extended one with screenshots later).
1. install certbot
sudo apt-get install certbot
If you are running haproxy, make sure you disable it too:
systemctl stop haproxy.service
2. get your .pem keys:
sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d feedback.abmaterial.com
3. Pick option 3 (use a file)
4. Enter the full path to your apache www root (in my case it was)
Now a file will be created there and LetsEncrypt must be able to download this file to verify this domain belongs to you.
5. You receive something like this if successful:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/feedback.abmaterial.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/feedback.abmaterial.com/privkey.pem
Your cert will expire on 2018-02-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
6. Make a pkcs12 file
sudo openssl pkcs12 -export -out keystore.pkcs12 -in /etc/letsencrypt/live/feedback.abmaterial.com/fullchain.pem -inkey /etc/letsencrypt/live/feedback.abmaterial.com/privkey.pem
7. Finally convert it to a keystore file
sudo keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.jks
You can now also restart haproxy (if needed)
systemctl start haproxy.service
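
A non-interactive version of steps 6 and 7, as an added example that is not part of the original post: it checks that the certificate and private key belong together before exporting, takes the keystore password from the environment instead of a prompt or the command line, and writes the keystores readable by their owner only. Assumptions: the KEYSTORE_PASS variable, the ALIAS value and the function names are illustrative, and the password is at least 6 characters long (keytool's minimum).

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed names: KEYSTORE_PASS, ALIAS, pem_pair_matches, make_pkcs12, make_jks.
ALIAS=${ALIAS:-server}

# Succeeds only if the first certificate in $1 carries the public key of $2.
pem_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Step 6: fullchain.pem ($1) + privkey.pem ($2) -> PKCS12 file ($3).
make_pkcs12() {
    [ -n "${KEYSTORE_PASS:-}" ] || { echo "KEYSTORE_PASS is not set" >&2; return 1; }
    export KEYSTORE_PASS
    pem_pair_matches "$1" "$2" || { echo "certificate/key mismatch" >&2; return 1; }
    ( umask 077   # the keystore contains the private key: owner-only
      openssl pkcs12 -export -in "$1" -inkey "$2" -name "$ALIAS" \
          -out "$3" -passout env:KEYSTORE_PASS ) && chmod 600 "$3"
}

# Step 7: PKCS12 file ($1) -> JKS keystore ($2).
# -deststoretype JKS is explicit because newer JDKs default to PKCS12.
make_jks() {
    ( umask 077
      keytool -importkeystore -noprompt \
          -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env KEYSTORE_PASS \
          -destkeystore "$2" -deststoretype JKS -deststorepass:env KEYSTORE_PASS )
}

# Usage: KEYSTORE_PASS=... sh this-script.sh <live-dir> <output-dir>
if [ "$#" -eq 2 ]; then
    make_pkcs12 "$1/fullchain.pem" "$1/privkey.pem" "$2/keystore.pkcs12" &&
    make_jks "$2/keystore.pkcs12" "$2/keystore.jks"
fi
```

The live directory argument is the one certbot reports in step 5; certbot's `--deploy-hook` passes the same directory in `RENEWED_LINEAGE`, so the conversion can be rerun after each renewal.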