How to use Letsencrypt certificate & private key with Jetty
# input: fullchain.pem and privkey.pem as generated by the "letsencrypt-auto" script when run with
# the "auth" aka "certonly" subcommand
# convert certificate chain + private key to the PKCS#12 file format
openssl pkcs12 -export -out keystore.pkcs12 -in fullchain.pem -inkey privkey.pem
# convert PKCS#12 file into Java keystore format
keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.jks
# don't need the PKCS#12 file anymore
rm keystore.pkcs12
# Now use "keystore.jks" as keystore in jetty with the keystore password you specified when you ran
# the "keytool" command

gouessej commented Jan 22, 2016

Thank you. This is typically the kind of information that should be mentioned in the documentation of Jetty.

bdunn44 commented Jun 6, 2016

This is in Jetty's documentation. You'll find it here: http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#loading-keys-and-certificates. Thanks for posting a succinct example here, though!

EPOTH commented Apr 9, 2017

This gist saves life. Thank you.

tomekbielaszewski commented Sep 28, 2017

Thank you so much. You've just saved my app ;D

kernelfreak commented Nov 9, 2017

I had to rename the file from keystore.jks to simply keystore for jetty defaults. These 2 commands were very useful. Thank you.

Mellivora123 commented Nov 16, 2017

It helps a lot!

mussaGG commented Jul 2, 2018

Dude, if I could, I would kiss you. You have no idea what an impact your simple solution has had, we were tearing our hair out trying to get things to work for our app. Thank you!!!

Plasmoxy commented Jul 15, 2018

Sir, many thanks for this life-saving gist!
Someone should write a tutorial for this

  • (I should write a tutorial for this :D)

pointbazaar commented Nov 30, 2018

Thank you, sir!

luckydem commented Mar 26, 2019

Thanks, this has been extremely helpful!
Has anyone extended the script to auto update the private key for jetty whenever the letsencrypt certificate is updated?

seanbright commented May 2, 2019

Putting the file into a .jks file isn't necessary. You can load the PKCS #12 file directly:

sslContextFactory.setKeyStoreType("PKCS12");
sslContextFactory.setKeyStorePath("/path/to/pkcs/file.p12");

(The call to setKeyStoreType() is probably unneeded as well, unless you've changed the security policy setting keystore.type.compat which defaults to true)
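
A non-interactive form of the gist's conversion, suitable for running after each renewal, as an added example that is not part of the gist or of any comment in this thread. It writes the PKCS #12 file that Jetty can load directly and reads the keystore password from a file; the function name `build_keystore`, the alias `jetty` and the password-file convention are assumptions.

```shell
#!/bin/sh
# Added example, not the gist author's code. The function name, the "jetty"
# alias and the password-file layout are assumptions made for illustration.

# build_keystore LIVE_DIR OUT_FILE PASS_FILE
#   LIVE_DIR   directory holding fullchain.pem and privkey.pem
#   OUT_FILE   PKCS#12 keystore that Jetty loads
#   PASS_FILE  file whose first line is the keystore password
build_keystore() {
    live_dir=$1 out=$2 pass_file=$3
    chain=$live_dir/fullchain.pem
    key=$live_dir/privkey.pem

    [ -r "$chain" ] || { echo "cannot read $chain" >&2; return 1; }
    [ -r "$key" ] || { echo "cannot read $key" >&2; return 1; }
    [ -s "$pass_file" ] || { echo "password file is empty" >&2; return 1; }

    # Refuse to package a private key that does not belong to the leaf
    # certificate (the first certificate in fullchain.pem).
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 1
    fi

    # mktemp creates the file with mode 0600, in the same directory as the
    # target so the final mv is a rename on one filesystem.
    tmp=$(mktemp "$out.XXXXXX") || return 1

    # "file:" keeps the password out of the process list, unlike "pass:".
    if openssl pkcs12 -export -name jetty -in "$chain" -inkey "$key" \
            -out "$tmp" -passout "file:$pass_file"; then
        mv -f "$tmp" "$out"   # replace the old keystore in one step
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Jetty still has to reload or restart to pick up the new keystore; that step is outside this example.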

kernelfreak commented May 3, 2019

Thank you for this. Lifesaver.
