@Firefishy
Forked from hedefalk/install-letsencrypt-in-jdk.sh
Last active September 1, 2022 10:40
```sh
# Download the ISRG root and the Let's Encrypt Authority X1 certificates into the current directory
wget https://letsencrypt.org/certs/isrgrootx1.pem
wget https://letsencrypt.org/certs/letsencryptauthorityx1.der
# Remove earlier copies of both aliases (keytool reports an error if an alias does not exist yet)
sudo keytool -delete -alias letsencryptauthorityx1 -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit
sudo keytool -delete -alias isrgrootx1 -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit
# Import the downloaded files as trusted CA certificates
sudo keytool -trustcacerts -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit -noprompt -importcert -alias letsencryptauthorityx1 -file letsencryptauthorityx1.der
# Output: Certificate was added to keystore
sudo keytool -trustcacerts -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit -noprompt -importcert -alias isrgrootx1 -file isrgrootx1.pem
# Output: Certificate was added to keystore
# Remove the downloaded files
rm isrgrootx1.pem letsencryptauthorityx1.der
```
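The script above imports the downloaded files with `-noprompt`, so keytool never shows the certificate for confirmation before it becomes a trust anchor. As an added example (not part of the gist), these shell functions compare a file's SHA-256 fingerprint with a value obtained separately and only then call keytool; the function names and the fingerprint placeholder are assumptions, and `openssl` is assumed to be installed.

```sh
# Added example, not from the gist. Function names are illustrative.

# Strip an "sha256 Fingerprint=" prefix, colons and whitespace; upper-case the hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Print the SHA-256 fingerprint of a certificate file (PEM first, then DER).
cert_fp() {
    out=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
        out=$(openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
        return 1
    normalize_fp "$out"
}

# fp_matches EXPECTED ACTUAL: true only for two identical 64-digit hex values.
fp_matches() {
    e=$(normalize_fp "$1")
    a=$(normalize_fp "$2")
    case "$e" in *[!0-9A-F]*) return 1 ;; esac
    [ "${#e}" -eq 64 ] && [ "$e" = "$a" ]
}

# import_verified ALIAS FILE EXPECTED_FP
# Returns 2 if the file is not a readable certificate, 1 on mismatch,
# otherwise keytool's exit status. keytool is never run on a failed check.
import_verified() {
    actual=$(cert_fp "$2") || { echo "cannot read certificate: $2" >&2; return 2; }
    if ! fp_matches "$3" "$actual"; then
        echo "fingerprint mismatch for $2 (got $actual)" >&2
        return 1
    fi
    sudo keytool -importcert -trustcacerts -noprompt -alias "$1" -file "$2" \
        -keystore "$JAVA_HOME/jre/lib/security/cacerts" -storepass changeit
}

# Usage (the fingerprint is a placeholder; take the real value from a source
# other than the download itself):
#   import_verified isrgrootx1 isrgrootx1.pem '<EXPECTED_SHA256_FINGERPRINT>'
```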
@JuniorBatista

Do you have to restart the server after running the sh?

@JasonJanelle

@JuniorBatista Yes, you will have to restart any Java processes that need to use the new certs.

@EHJ-52n

EHJ-52n commented Mar 15, 2017

@Firefishy I have a version for Jenkins users: install_lets-encrypt_jenkins-jdks.sh

The keytool version I have requires changing the option -importcert to -import.

@Pablohn26

@EHJ-52n maybe this helps you

@Sicaine

Sicaine commented Sep 21, 2018

If you are using Debian, you can use the following package: https://packages.debian.org/de/stretch/ca-certificates-java, link the trust store of your JVM to that one and use the update-ca-certificates tool to integrate custom certificates.

But there is a big chance that, after using ca-certificates-java, you don't need to add those certificates manually anyway.
