By jmudse55
I followed this tutorial and everything worked, except the new certificate only updated on the default port and not port 8443. How can I fix this? The sites are cicd.shelter-ent.app and cicd.shelter-ent.app:8443.
EDIT: I took over this server from someone else and am not sure how they configured everything. A few months ago, the SSL on the 8443 server running Jenkins expired.
Accepted Answer
Hi there @jmudse55,
Installing a certificate for Jenkins is a bit different compared to a standard web server like Apache or Nginx; there are a few things that you need to do.
Note: before starting, I recommend taking a backup of your current configuration so that in case anything goes wrong, you can restore the working config.
First, you need to obtain a new valid SSL certificate for the domain name in question and get the certificate files:
* The SSL certificate itself, it should be a file ending in `.crt`
* The Private Key, it will be a file ending in `.key`
* And also the CA bundle, in most cases it will again end in `.crt`
After that you need to convert the certificate into a `.pfx` format, you can either use a tool like `openssl` or use the SSL Shopper converter tool instead:
https://www.sslshopper.com/ssl-converter.html
After you have the `.pfx` file you need to convert it to JKS format. To do that, you need to have JDK installed and run the following command:
```
keytool -importkeystore -srckeystore your_certificate.pfx \
-srcstorepass 'your_pfx_password' -srcstoretype PKCS12 \
-srcalias jenkins.devopscube.com -deststoretype JKS \
-destkeystore jenkins.jks -deststorepass 'your_pfx_password' \
-destalias yourdomain.com
```
Copy the `jenkins.jks` file into the `/etc/jenkins/` directory and make sure that it has secure permissions:
```
chmod 700 /etc/jenkins
chmod 600 /etc/jenkins/jenkins.jks
```
Once this is done edit the Jenkins config:
```
nano /etc/sysconfig/jenkins
```
There update the path to the new file and the new password:
```
JENKINS_HTTPS_KEYSTORE="/etc/jenkins/jenkins.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="<your-keystore-password>"
```
Finally, restart Jenkins so that it can read the new file.
Regards, Bobby
Hi,
The configuration described in @bobbyiliev’s answer is the first one you should check. Besides that, you should consider a configuration where the Apache server acts as a reverse proxy for Jenkins. To check it, run the command:
```
sudo netstat -tulpn | grep 8443
```
A result similar to this
```
tcp 0 0.0.0.0:8443 0.0.0.0:* LISTEN 760/apache2
```
indicates that Apache serves as a reverse proxy for Jenkins, and you can follow the description below :)
I guess there are different virtual hosts (vhosts) for ports 443 and 8443 defined in your Apache configuration. It is very likely they are in different config files. Try to look for them with this command:
```
sudo grep -e 443 $(find /etc/apache2/ -name "*.conf")
```
These vhost config files should contain the directives pointing to the certificate files, e.g.
```
SSLCertificateFile /etc/letsencrypt/live/cicd.shelter-ent.app/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cicd.shelter-ent.app/privkey.pem
```
Copy the directives from the 443 vhost and use them to replace the corresponding directives in the 8443 vhost. Restart the Apache service:
```
sudo systemctl restart apache2
```
Let us know how it works.
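An added example, not part of either answer: a shell check for the situation the second answer describes, where the 443 and 8443 vhosts point at different certificate files. The function names, the sample config files and the 8443 certificate path are constructed for the demo.

```shell
#!/bin/sh
# Added example: compare SSLCertificateFile across Apache vhosts by port.
# Print "<port> <certificate path>" for every <VirtualHost> that sets SSLCertificateFile.
list_vhost_certs() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }                              # ignore commented-out directives
        tolower(line) ~ /^<virtualhost[ \t]/ {
            port = line
            sub(/>.*$/, "", port); sub(/^.*:/, "", port)  # text after the last colon
            if (port !~ /^[0-9]+$/) port = "?"            # vhost declared without a port
            cert = ""; next
        }
        tolower($1) == "sslcertificatefile" { cert = $2; gsub(/"/, "", cert) }
        tolower(line) ~ /^<\/virtualhost>/ { if (cert != "") print port, cert; cert = "" }
    ' "$@"
}

# Exit 1 and list every vhost whose certificate differs from the one on REF_PORT.
check_cert_drift() {
    ref_port=$1; shift
    ref_cert=$(list_vhost_certs "$@" | awk -v p="$ref_port" '$1 == p { print $2; exit }')
    [ -n "$ref_cert" ] || { echo "no SSL vhost found on port $ref_port" >&2; return 2; }
    list_vhost_certs "$@" | awk -v p="$ref_port" -v c="$ref_cert" '
        $1 != p && $2 != c { print "MISMATCH port " $1 " uses " $2; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample configs (file names and the 8443 certificate path are made up).
demo_dir=$(mktemp -d)
cat > "$demo_dir/000-default-le-ssl.conf" <<'EOF'
<VirtualHost *:443>
    ServerName cicd.shelter-ent.app
    SSLCertificateFile /etc/letsencrypt/live/cicd.shelter-ent.app/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cicd.shelter-ent.app/privkey.pem
</VirtualHost>
EOF
cat > "$demo_dir/jenkins.conf" <<'EOF'
<VirtualHost *:8443>
    ServerName cicd.shelter-ent.app
    # SSLCertificateFile /etc/ssl/certs/commented-out.crt
    SSLCertificateFile "/etc/ssl/certs/old-jenkins.crt"
</VirtualHost>
EOF
check_cert_drift 443 "$demo_dir"/*.conf || echo "vhosts serve different certificates"
```

On a real host, pass it the files returned by the `find /etc/apache2/ -name "*.conf"` search from the answer above.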