Create SSL certificates using letsencrypt - ja-guzzle/guzzle_docs GitHub Wiki
-
We will use Let's Encrypt to create a free SSL certificate.
-
Run the following commands to create free SSL certificates:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache
sudo certbot certonly --apache -d <guzzlevm_domain>
<guzzlevm_domain> example: guzzlevm.southeastasia.cloudapp.azure.com
it requires HTTP(80) and HTTPS(443) port to be publicly accessible. If the port is inaccessible, sometimes it was network interface in azure portal does not have entry for port 80.
- Move certificates to /certs by executing the following commands:
sudo chmod 777 /etc/letsencrypt/live
sudo cp /etc/letsencrypt/live/<guzzlevm_domain>/* /certs/
4.Create a PKCS12 file by executing the following command at /certs/
replace <key_store_password> with password
cd /certs
sudo openssl pkcs12 -export -out keystore.p12 -in cert.pem -inkey privkey.pem -passout pass:<key_store_password> -name guzzle
sudo chmod -R 777 /certs
- Add the following configuration in /guzzle/api/application.yml and restart the API.
server:
...
ssl:
key-store-type: PKCS12
key-store: /certs/keystore.p12
key-store-password: <key_store_password>
key-alias: guzzle
- Restart Guzzle API and Web application
cd /guzzle/api
nohup java -Dloader.path=/guzzle/api/libs -jar api-0.0.1-SNAPSHOT.jar &
cd /guzzle/web/
nohup http-server -p 8082 --push-state --ssl --cert /certs/cert.pem --key /certs/privkey.pem . &
If the API server and web server is running, use following to stop first:
guzzle-api-stop.sh
guzzle-web-stop.sh
The path need to have following entries:
export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
export GUZZLE_HOME=/guzzle
export PATH=/opt/guzzlescript/:/opt/elasticsearch-6.2.4/bin:/opt/node-v6.14.2-linux-x64/bin:/opt/spark-2.4.5-bin-hadoop2.7/bin:$PATH