Link from where most of this info came from
Here is a simple tutorial to use Letsencrypt SSL Certs with Subsonic. This is on a Debian Server
keytool complains if your openssl export password is empty. Additionally, Subsonic expects your keystore password to be subsonic.
To the questions asked, subsonic for each i.e.:
Enter Export Password: subsonic
Verifying - Enter Export Password: subsonic
Enter destination keystore password: subsonic
Re-enter new password: subsonic
Enter source keystore password: subsonic
Here's the steps, after you got Certbot installed and your certificate issued:
cd /etc/letsencrypt/live/<domain_name>
cat privkey.pem > subsonic.crt
cat cert.pem >> subsonic.crt
cat chain.pem >> subsonic.crt
openssl pkcs12 -in subsonic.crt -export -out subsonic.pkcs12
keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -srcstoretype PKCS12 -srcalias 1 -destalias subsonic
zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore
Tell Subsonic to listen for HTTPS, edit /etc/default/subsonic
SUBSONIC_ARGS="--max-memory=512 --context-path=/subsonic --port=8080 --https-port=8443"
Restart subsonic
service subsonic restart
I wrote a renewal hook script to automate the update process, but it doesn't seem to be working properly. Even though the script executes properly, it still seems to have the 'old' certificate when I access the site.
zipinfo /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar
gives me the correct date.However, if I unzip it and run
keytool -list -storepass subsonic -keystore subsonic.keystore
, the wrong certificate is in there.I've run out of things to try to get it to work. Can anyone see where I'm going wrong?
Posting the script below in case it's helpful to anyone else. (You will need to edit the directory locations in the obvious places).