How to install Let's Encrypt to my droplet with dockerized spring boot app?

Question

Hello everybody,

I created a droplet (Docker 5:19.03.1~3 on 18.04). I pulled my docker image from docker hub and run it. My docker image contains a Spring boot application. (tomcat embedded). It’s working nice but I want to add https (Let’s encrypt) to my page. I found some documents, tutorials but everybody talks about nginx & apache. Can someone please help me to install https to my spring boot (embedded tomcat) application on my droplet (Ubuntu 18.04.3 LTS bionic) The page is up and running now and I will keep it running while fixing this if possible.

yonetmen · Answer

I follow the instructions but having problems. Let me tell you about my process. I just created a new droplet (Docker 5:19.03.1~3 on 18.04). Then I opened an SSH into my droplet. Logged in as root. I run the command to pull and run my docker image from the docker hub. I logged in my Godaddy account and updated A record to pointing my new droplet. At this point, when I browse into gizartblog.com everything works just fine.

Now, In my ssh console I ran the command in the current folder (root):

git clone https://github.com/certbot/certbot

Inside newly-created certbot folder, I ran

./certbot-auto certonly -a standalone -d gizartblog.com -d www.gizartblog.com

I get this error after this command:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for gizartblog.com
http-01 challenge for www.gizartblog.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

I run this command to run my docker image:

docker run -d -p 80:8080 myusername/myproject:latest

yonetmen · Answer

This comment has been deleted

Bobby Iliev · Answer

Hello,

I would suggest checking this answer here.

What they are suggesting is the following:

Get the certbot from here:

https://github.com/certbot/certbot

Generate a certificate for your domain:

./certbot-auto certonly -a standalone -d example.com -d www.example.com

The SSL would be stored at /etc/letsencrypt/live/example.com. Spring Boot expects PKCS#12 formatted file. So t convert the certificate you could do the following:
Go to the /etc/letsencrypt/live/example.com directory.

openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root

The file keystore.p12 with PKCS12 is now generated in /etc/letsencrypt/live/example.com
Then you have to configure your Spring Boot app. In your application.properties file and put the following properties there:

server.port=8443
security.require-ssl=true
server.ssl.key-store=/etc/letsencrypt/live/example.com/keystore.p12
server.ssl.key-store-password=<your-password>
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

I would recommend going through the two original articles as well:

Issuing a certificate: Spring Boot Application Secured by Let’s Encrypt Certificate
Renewing a certificate: Let’s Encrypt Certificate Renewal: for Spring Boot

Hope that this helps! Regards, Bobby

Related

Question

How to install Let's Encrypt to my droplet with dockerized spring boot app?

Related