Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-7928

Use "Let's encrypt" for OFBiz demos SSL/TLS certificates



      This is a transtion from INFRA-11960

      After some tries, I have finally decided to adapt and use http://blog.ivantichy.cz/blogpost/view/74 which is the most convenient way for OFBiz

      Since we need to use SANs (for demo-trunk-ofbiz.apache.org, demo-stable-ofbiz.apache.org and demo-old-ofbiz.apache.org which are actually OFBiz instances using different set of ports), I will try to use "-d ofbiz-vm.apache.org" as 1st "-d" argument and if that does not work I'll simply use the "-d" parameter with the other sub-domains only. What I actually need is a renewable certificate in the OFBiz Java keystore (ofbiz.jks) with the SANs present. From my experiences, the (adapted) script above should provide me that.

      Maybe another possibility would be to install our own HTTPS and use the instructions provided by Sam Ruby in INFRA-11960. I have to balance the work with adapting the script I refered to above.

      The EFF has published new instructions: https://certbot.eff.org/#ubuntutrusty-apache

      FWIW, I had no problem moving from whimy-vm2 to whimsy-vm3. I've now got certs for a second machine (ghmon-vm). Here's the puppet instructions to download certbot, create a cronjob, and add use the certificates with Apache httpd:


      Once this is deployed, all that is left is running a single command: certbot-auto -d host1.apache.org -d host2.apache.org... and answering two prompts (you need to provide an email address and to indicate that you have read the terms of service).


          Issue Links



              • Assignee:
                pfm.smits Pierre Smits
                jacques.le.roux Jacques Le Roux
              • Votes:
                0 Vote for this issue
                1 Start watching this issue


                • Created: