Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-7928

Use "Let's encrypt" for OFBiz demos SSL/TLS certificates

    Details

      Description

      This is a transtion from INFRA-11960

      After some tries, I have finally decided to adapt and use http://blog.ivantichy.cz/blogpost/view/74 which is the most convenient way for OFBiz

      Since we need to use SANs (for demo-trunk-ofbiz.apache.org, demo-stable-ofbiz.apache.org and demo-old-ofbiz.apache.org which are actually OFBiz instances using different set of ports), I will try to use "-d ofbiz-vm.apache.org" as 1st "-d" argument and if that does not work I'll simply use the "-d" parameter with the other sub-domains only. What I actually need is a renewable certificate in the OFBiz Java keystore (ofbiz.jks) with the SANs present. From my experiences, the (adapted) script above should provide me that.

      Maybe another possibility would be to install our own HTTPS and use the instructions provided by Sam Ruby in INFRA-11960. I have to balance the work with adapting the script I refered to above.

      The EFF has published new instructions: https://certbot.eff.org/#ubuntutrusty-apache

      FWIW, I had no problem moving from whimy-vm2 to whimsy-vm3. I've now got certs for a second machine (ghmon-vm). Here's the puppet instructions to download certbot, create a cronjob, and add use the certificates with Apache httpd:

      https://github.com/apache/infrastructure-puppet/pull/107/commits/8fea8223f398a77e67173c1b0c1b06b80fe576b0

      Once this is deployed, all that is left is running a single command: certbot-auto -d host1.apache.org -d host2.apache.org... and answering two prompts (you need to provide an email address and to indicate that you have read the terms of service).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                pfm.smits Pierre Smits
                Reporter:
                jacques.le.roux Jacques Le Roux
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: