How to install Let's Encrypt to my droplet with dockerized spring boot app?

Question

Hello everybody,

I created a droplet (Docker 5:19.03.1~3 on 18.04). I pulled my docker image from docker hub and run it. My docker image contains a Spring boot application. (tomcat embedded). It’s working nice but I want to add https (Let’s encrypt) to my page. I found some documents, tutorials but everybody talks about nginx & apache. Can someone please help me to install https to my spring boot (embedded tomcat) application on my droplet (Ubuntu 18.04.3 LTS bionic) The page is up and running now and I will keep it running while fixing this if possible.

Answer 1

bobbyiliev October 30, 2019

Hello,

I would suggest checking this answer here.

What they are suggesting is the following:

Get the certbot from here:

https://github.com/certbot/certbot

Generate a certificate for your domain:

./certbot-auto certonly -a standalone -d example.com -d www.example.com

The SSL would be stored at /etc/letsencrypt/live/example.com. Spring Boot expects PKCS#12 formatted file. So t convert the certificate you could do the following:
Go to the /etc/letsencrypt/live/example.com directory.

openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root

The file keystore.p12 with PKCS12 is now generated in /etc/letsencrypt/live/example.com
Then you have to configure your Spring Boot app. In your application.properties file and put the following properties there:

server.port=8443
security.require-ssl=true
server.ssl.key-store=/etc/letsencrypt/live/example.com/keystore.p12
server.ssl.key-store-password=<your-password>
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

I would recommend going through the two original articles as well:

Issuing a certificate: Spring Boot Application Secured by Let’s Encrypt Certificate
Renewing a certificate: Let’s Encrypt Certificate Renewal: for Spring Boot

Hope that this helps!
Regards,
Bobby

Reply Report

bobbyiliev October 30, 2019

Another thing to mention is that it should be perfectly fine to do follow the Nginx and the Apache approach as well.
Reply Report
yonetmen October 30, 2019

Sorry, I meant to reply your answer but wrote as an answer instead.
Reply Report

Answer 2

bobbyiliev October 30, 2019

Another thing to mention is that it should be perfectly fine to do follow the Nginx and the Apache approach as well.
Reply Report
yonetmen October 30, 2019

Sorry, I meant to reply your answer but wrote as an answer instead.
Reply Report

Answer 3

yonetmen October 30, 2019

Show answer This answer has been marked as resolved by yonetmen.

Answer 4

yonetmen October 30, 2019

Show answer This answer has been marked as resolved by yonetmen.

I follow the instructions but having problems. Let me tell you about my process. I just created a new droplet (Docker 5:19.03.1~3 on 18.04). Then I opened an SSH into my droplet. Logged in as root. I run the command to pull and run my docker image from the docker hub. I logged in my Godaddy account and updated A record to pointing my new droplet. At this point, when I browse into gizartblog.com everything works just fine.

Now, In my ssh console I ran the command in the current folder (root):

git clone https://github.com/certbot/certbot

Inside newly-created certbot folder, I ran

./certbot-auto certonly -a standalone -d gizartblog.com -d www.gizartblog.com

I get this error after this command:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for gizartblog.com
http-01 challenge for www.gizartblog.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

I run this command to run my docker image:

docker run -d -p 80:8080 myusername/myproject:latest

Reply Report

yonetmen October 30, 2019

Nobody can explain step by step how to fix this issue? The instructions above are all over the internet but it’s not really working.
Reply Report
bobbyiliev October 31, 2019

Hi,

Have you tried starting the container first and then running the certbot command?

The error that you are getting is saying that certbot is unable to connect on port 80, this would happen if you don’t have anything listening on that port.

Let me know how it goes.
Regards,
Bobby
Reply Report
- yonetmen October 31, 2019
  
  Hi Bobby,
  
  I already started the container first with docker run -d -p 80:8080 myusername/myproject:latest and then ran the certbort command.
  
  Reply Report
  
  bobbyiliev November 5, 2019
  
  Hello,
  
  Note that in order to issue the SSL certificate with Let’s Encrypt your domain name needs to be pointing to the droplet’s IP address in order for Let’s Encrypt to be able to validate that you actually own the domain name.
  
  If the domain name is not pointing to the IP address, you would get that Problem binding to port 80: Could not bind to IPv4 or IPv6. error.
  
  If the above approach is not working, I would just suggest using Nginx as a reverse proxy and SSL termination.
  
  Hope that this helps!
  Regards,
  Bobby
  
  Reply Report
  
  yonetmen November 5, 2019
  
  Hi,
  
  I solved my problem by using nginx as a reverse proxy. :)
  
  Thank you for your time!
  
  Reply Report

Answer 5

yonetmen October 30, 2019

Nobody can explain step by step how to fix this issue? The instructions above are all over the internet but it’s not really working.
Reply Report
bobbyiliev October 31, 2019

Hi,

Have you tried starting the container first and then running the certbot command?

The error that you are getting is saying that certbot is unable to connect on port 80, this would happen if you don’t have anything listening on that port.

Let me know how it goes.
Regards,
Bobby
Reply Report
- yonetmen October 31, 2019
  
  Hi Bobby,
  
  I already started the container first with docker run -d -p 80:8080 myusername/myproject:latest and then ran the certbort command.
  
  Reply Report
  
  bobbyiliev November 5, 2019
  
  Hello,
  
  Note that in order to issue the SSL certificate with Let’s Encrypt your domain name needs to be pointing to the droplet’s IP address in order for Let’s Encrypt to be able to validate that you actually own the domain name.
  
  If the domain name is not pointing to the IP address, you would get that Problem binding to port 80: Could not bind to IPv4 or IPv6. error.
  
  If the above approach is not working, I would just suggest using Nginx as a reverse proxy and SSL termination.
  
  Hope that this helps!
  Regards,
  Bobby
  
  Reply Report
  
  yonetmen November 5, 2019
  
  Hi,
  
  I solved my problem by using nginx as a reverse proxy. :)
  
  Thank you for your time!
  
  Reply Report

Related

Question

How to install Let's Encrypt to my droplet with dockerized spring boot app?

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

How to install Let's Encrypt to my droplet with dockerized spring boot app?

Leave a comment

Related

question

transferring an existing droplet into a docker image

question

How did my database got hacked ?

question

Email DNS Configuration

question

How can I find the root of the problem? I CAN access my WP site via VPN but not via regular IP

Looking for something else?