This article explains about the free ssl provider letsencrypt certificate creation or generation for your domain. You need to run the below commands in the server where you have your domain is running and after the below steps ssl will be installed successfully in your server for the provided domain.
But you need to include the same server in your backend java spring boot or relevant codes as well to make the communication encrypted between your servers.
Table of Contents
1. Go to this path:
cd /letsencrypt/letsencryptYou should be able to find the certbot-auto [not able to find then you may need to install/setup letsencrypt properly in your linux servers]
(or) Create with single command
sudo certbot certonly --standalone -d yourdomain.com --staple-ocsp -m mail2agn@gmail.com --agree-tos
2. Stop the nginx / apache server if its running
Because letsencrypt will try to use port 80 during certificate creation/generation process. So its good to keep the server not running till this certificate creation process is completed.
3. Create the certificate now
sudo ./certbot-auto certonly -a standaloneIt will ask you to enter domain/subdomain, enter the domain name/subdomain and proceed. Do you want to explore other letsencrypt commands, here is the link.
4. Make sure your application is running on the same server where you are executing the above commands.
Because as part of the certificate creation or generation process it verifies the site and the owner of the site basically DNS/A records and certificate will be generated only if the domain is running successfully with the server.
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/your_domain_name/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/your_domain_name/privkey.pem
Your cert will expire on 2021-07-01. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-leNote:
This certificate is valid only 90 days. After that you have to renew it.
Renewal process is pretty simple and find the link here for the same.
Next Step ?
The certificate is created now you might need to include in your project. Here is the link on how to include in your spring boot project and that requires the .p12 format.