How to install Let's Encrypt to my droplet with dockerized spring boot app?

October 29, 2019 728 views
Docker Ubuntu 18.04 Let's Encrypt

Hello everybody,

I created a droplet (Docker 5:19.03.1~3 on 18.04). I pulled my docker image from Docker Hub and ran it. My docker image contains a Spring Boot application (embedded Tomcat). It's working nicely, but I want to add HTTPS (Let's Encrypt) to my page. I found some documents and tutorials, but everybody talks about nginx & apache. Can someone please help me install HTTPS for my Spring Boot (embedded Tomcat) application on my droplet (Ubuntu 18.04.3 LTS bionic)? The page is up and running now, and I will keep it running while fixing this if possible.

3 Answers

Hello,

I would suggest checking this answer here.

What they are suggesting is the following:

  • Get the certbot from here:

https://github.com/certbot/certbot

  • Generate a certificate for your domain:
./certbot-auto certonly -a standalone -d example.com -d www.example.com
  • The SSL certificate would be stored at /etc/letsencrypt/live/example.com. Spring Boot expects a PKCS#12 formatted file, so to convert the certificate you could do the following:

  • Go to the /etc/letsencrypt/live/example.com directory.

openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root
  • The file keystore.p12 with PKCS12 is now generated in /etc/letsencrypt/live/example.com

  • Then you have to configure your Spring Boot app. In your application.properties file, put the following properties:

server.port=8443
# security.require-ssl applies to Spring Boot 1.x only; 2.x dropped it in
# favour of requiresChannel() in the security configuration
security.require-ssl=true
server.ssl.key-store=/etc/letsencrypt/live/example.com/keystore.p12
server.ssl.key-store-password=<your-password>
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=tomcat

I would recommend going through the two original articles as well:

Hope that this helps!
Regards,
Bobby

I followed the instructions but am having problems. Let me tell you about my process. I just created a new droplet (Docker 5:19.03.1~3 on 18.04). Then I opened an SSH session into my droplet and logged in as root. I ran the command to pull and run my docker image from Docker Hub. I logged in to my GoDaddy account and updated the A record to point to my new droplet. At this point, when I browse to gizartblog.com, everything works just fine.

Now, in my SSH console I ran the following command in the current folder (root):

git clone https://github.com/certbot/certbot

Inside the newly created certbot folder, I ran

./certbot-auto certonly -a standalone -d gizartblog.com -d www.gizartblog.com

I get this error after this command:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for gizartblog.com
http-01 challenge for www.gizartblog.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

I ran this command to run my docker image:

docker run -d -p 80:8080 myusername/myproject:latest
  • Can nobody explain step by step how to fix this issue? The instructions above are all over the internet, but they are not really working.

  • Hi,

    Have you tried starting the container first and then running the certbot command?

    The error that you are getting is saying that certbot is unable to connect on port 80; this would happen if you don't have anything listening on that port.

    Let me know how it goes.
    Regards,
    Bobby

    • Hi Bobby,

      I already started the container first with docker run -d -p 80:8080 myusername/myproject:latest and then ran the certbot command.

      • Hello,

        Note that in order to issue the SSL certificate with Let's Encrypt, your domain name needs to point to the droplet's IP address so that Let's Encrypt is able to validate that you actually own the domain name.

        If the domain name is not pointing to the IP address, you would get that "Problem binding to port 80: Could not bind to IPv4 or IPv6." error.

        If the above approach is not working, I would just suggest using Nginx as a reverse proxy and SSL termination.

        Hope that this helps!
        Regards,
        Bobby
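Pulling the steps from the first answer and the port-80 failure from the follow-ups together, here is an added example (not code from the thread or from DigitalOcean) of how a practitioner would script this on the droplet. The standalone authenticator has to bind port 80 itself, and the running container already publishes `-p 80:8080` through docker-proxy, which is what "Problem binding to port 80" reports; the script checks who owns the port, stops and restarts the container around the challenge with certbot's `--pre-hook`/`--post-hook`, and uses `--deploy-hook` to rebuild the PKCS#12 keystore and restart the app on every renewal. The container name `app`, the keystore directory `/srv/app/tls`, the password file `/etc/app/keystore.pass`, the `LE_EMAIL` variable and the `issue`/`deploy` verbs are assumptions of this example, not something the thread specifies.

```shell
#!/bin/sh
# Added example, not from the thread: issue and renew a Let's Encrypt
# certificate for the dockerized Spring Boot app with certbot's standalone
# authenticator, convert it to PKCS#12 and restart the container.
#
# Assumptions (hypothetical, not stated in the thread): the container is
# named "app", Tomcat serves HTTPS on 8443 inside it, the keystore lives in
# /srv/app/tls, and the keystore password is the first line of a root-only
# file /etc/app/keystore.pass (never put on a command line, so not in `ps`).
set -eu

DOMAIN="${DOMAIN:-example.com}"
CONTAINER="${CONTAINER:-app}"
IMAGE="${IMAGE:-myusername/myproject:latest}"
TLS_DIR="${TLS_DIR:-/srv/app/tls}"
PASS_FILE="${PASS_FILE:-/etc/app/keystore.pass}"

# Parse `ss -ltnp` output on stdin and print the process names listening on
# TCP port $1, one per line; empty output means the port is free. With the
# container from the thread running, port 80 shows "docker-proxy", which is
# why certbot --standalone fails with "Problem binding to port 80".
listeners_on_port() {
  awk -v port="$1" '
    NR > 1 && $4 ~ (":" port "$") {
      name = "unknown"
      if (match($NF, /\(\("[^"]+"/)) name = substr($NF, RSTART + 3, RLENGTH - 4)
      print name
    }' | sort -u
}

# Build keystore.p12 from a certbot lineage directory. fullchain.pem already
# contains leaf + intermediates, so -CAfile/-caname add nothing. The file is
# created 0600 (umask 077) and moved into place atomically so the app never
# reads a half-written keystore. The container runs as root here (docker's
# default); if you run the app as another user, chown the keystore to it.
build_keystore() {
  lineage="$1"; out="$2"
  umask 077
  openssl pkcs12 -export -in "$lineage/fullchain.pem" -inkey "$lineage/privkey.pem" \
    -name tomcat -passout "file:$PASS_FILE" -out "$out.tmp"
  mv -f "$out.tmp" "$out"
}

# (Re)start the app with the keystore mounted read-only and the Spring Boot
# SSL settings passed as environment variables (relaxed binding, e.g.
# server.ssl.key-store -> SERVER_SSL_KEYSTORE). Host 443 maps to Tomcat 8443.
# The password is readable via `docker inspect` by anyone who can reach the
# docker socket, which is root-equivalent on the host anyway.
run_app() {
  docker rm -f "$CONTAINER" 2>/dev/null || true
  docker run -d --name "$CONTAINER" --restart unless-stopped \
    -p 80:8080 -p 443:8443 \
    -v "$TLS_DIR:/tls:ro" \
    -e SERVER_PORT=8443 \
    -e SERVER_SSL_KEYSTORE=/tls/keystore.p12 \
    -e SERVER_SSL_KEYSTORETYPE=PKCS12 \
    -e SERVER_SSL_KEYALIAS=tomcat \
    -e SERVER_SSL_KEYSTOREPASSWORD="$(head -n1 "$PASS_FILE")" \
    "$IMAGE"
}

case "${1:-}" in
  issue)
    # Only our own container may hold port 80: the pre-hook can free that,
    # but not an nginx or another service someone else started.
    busy="$(ss -ltnp 2>/dev/null | listeners_on_port 80 | grep -v '^docker-proxy$' || true)"
    [ -z "$busy" ] || { echo "port 80 is held by: $busy; free it first" >&2; exit 1; }
    certbot certonly --standalone -n --agree-tos -m "${LE_EMAIL:?set LE_EMAIL}" \
      -d "$DOMAIN" -d "www.$DOMAIN" \
      --pre-hook "docker stop $CONTAINER" \
      --post-hook "docker start $CONTAINER" \
      --deploy-hook "$(readlink -f "$0") deploy"
    ;;
  deploy)
    # certbot exports RENEWED_LINEAGE to deploy hooks. Embedded Tomcat loads
    # the keystore at startup, so the container has to be restarted.
    mkdir -p "$TLS_DIR"
    build_keystore "${RENEWED_LINEAGE:-/etc/letsencrypt/live/$DOMAIN}" "$TLS_DIR/keystore.p12"
    run_app
    ;;
  "") ;;  # run without a verb: only define the functions
  *) echo "usage: $0 issue|deploy" >&2; exit 2 ;;
esac
```

Run `LE_EMAIL=you@example.com ./tls.sh issue` once; certbot stores the hooks in the renewal configuration, so the unattended `certbot renew` timer stops the container for the few seconds of the http-01 challenge and then rebuilds the keystore and restarts the app. If that brief outage is not acceptable, the alternative Bobby mentions (nginx in front, terminating TLS and serving the webroot challenge) avoids it entirely.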
