FOR EDUCATIONAL PURPOSES ONLY. NO WARRANTY.
Simplistic letsencrypt (https://letsencrypt.org/) client.
Dependencies: Java 8
    java -jar jetztencrypt-v0.4-app.jar --help

    java -jar jetztencrypt-v0.4-app.jar \
        --account-key account.key \
        --certificate-key certificate.key \
        --certificate certificate.crt \
        --mode server \
        --server-bind-port 80 \
        --server-bind-address 0.0.0.0 \
        --accept-any-tos true \
        --embedded-identrust-root \
        --hostname some.domain --alt-name some.domain --alt-name www.some.domain

jetztencrypt will check if a suitable certificate (with some days left before it expires) is present or create a new one otherwise. If no account.key file is present a new one will be generated.
The PEM encoded private key file certificate.key and certificate chain certificate.crt may be directly referenced from nginx.
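
    # --mode server: nginx forwards ACME challenge requests to jetztencrypt,
    # which must then listen on localhost:8080 (e.g. --server-bind-port 8080).
    upstream jetztencrypt {
        server localhost:8080;
    }
    server {
        listen 80;
        location /.well-known/acme-challenge/ {
            proxy_pass http://jetztencrypt;
        }
    }

    # --mode directory: nginx serves the challenge files from the ACME directory.
    server {
        listen 80;
        location /.well-known/acme-challenge/ {
            alias /path/to/acme/dir/;
        }
    }
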
Instead of --mode server use --mode directory --acme-directory /path/to/acme/dir/.
When installing a cron job use --log-level warn to silence the output.
You may want to use a wrapper script for easier crontab maintenance:

    #!/usr/bin/env bash
    java -jar /path/to/jetztencrypt-app.jar \
        --account-key /path/to/letsencrypt.key \
        --certificate-key /path/to/server.key \
        --certificate /path/to/server.crt \
        --mode directory \
        --acme-directory /path/to/acme/ \
        --embedded-identrust-root \
        --accept-any-tos true \
        --log-level warn \
        --hostname some.domain \
        --alt-name www.some.domain --alt-name www2.some.domain \
        && ( /etc/init.d/nginx reload > /dev/null )

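
The wrapper above reloads nginx whenever jetztencrypt exits successfully. The following variant is an added example, not part of jetztencrypt: it reloads only when the certificate file actually changed and still holds a complete PEM chain, and it runs nginx -t first. It assumes sha256sum is installed and that a non-zero exit code means the run failed; the function names are made up for this example and the paths are the same placeholders as above.

```shell
#!/usr/bin/env bash
# Added example, not part of jetztencrypt. Function names are made up here;
# paths are the same placeholders as in the wrapper above.
umask 077   # files the client creates (keys) are not group/world readable

CERT="${CERT:-/path/to/server.crt}"

# SHA-256 of a file, or "absent" if it does not exist yet.
file_digest() {
    if [ -f "$1" ]; then sha256sum "$1" | cut -d' ' -f1; else echo absent; fi
}

# True if the file holds at least one complete PEM certificate block.
looks_like_pem_chain() {
    [ -s "$1" ] || return 1
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$1" || true)
    [ "$begins" -ge 1 ] && [ "$begins" -eq "$ends" ]
}

# Prints "unchanged", "reload" or "invalid". Args: digest before the run, cert path.
reload_decision() {
    after=$(file_digest "$2")
    if [ "$1" = "$after" ]; then echo unchanged
    elif looks_like_pem_chain "$2"; then echo reload
    else echo invalid
    fi
}

renew_and_reload() {
    before=$(file_digest "$CERT")
    java -jar /path/to/jetztencrypt-app.jar \
        --account-key /path/to/letsencrypt.key \
        --certificate-key /path/to/server.key \
        --certificate "$CERT" \
        --mode directory --acme-directory /path/to/acme/ \
        --embedded-identrust-root --accept-any-tos true --log-level warn \
        --hostname some.domain \
        --alt-name www.some.domain --alt-name www2.some.domain || return 1
    case "$(reload_decision "$before" "$CERT")" in
        reload)  nginx -t -q && /etc/init.d/nginx reload > /dev/null ;;
        invalid) echo "certificate changed but is not a complete PEM chain" >&2
                 return 1 ;;
    esac
}

# The cron entry calls this script with the argument "run".
if [ "${1:-}" = "run" ]; then renew_and_reload; fi
```

Because nginx -t loads the configured certificate and key, a key that does not match the new certificate stops the reload and the running nginx keeps serving the previous pair.
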
Vanilla JDK/JRE installations might not have the required IdenTrust CA certificate installed. Until this changes you may use --embedded-identrust-root to use a bundled IdenTrust certificate to prevent letsencrypt API calls from failing.
- Why in Java?
- Because I don't have the time and nerves to implement it in some other language.
- Why Java 8?
- I'm lazy. Somebody volunteers to backport/rewrite?

    ./gradlew bundle

The bundled application jar can be found at build/libs/jetztencrypt-*-app.jar.