A Spring Boot module that is meant to ease the pain of generating a valid SSL Certificate using the Automatic Certificate Management Environment (ACME) protocol.
This project depends on the acme4j library.
This module depends on having openssl on the PATH to convert the certificate to PKCS12 format.
<dependency>
<groupId>com.creactiviti</groupId>
<artifactId>spring-boot-starter-acme</artifactId>
<version>0.0.1-SNAPSHOT</version>
</dependency>
<repositories>
<repository>
<id>maven-snapshots</id>
<url>http://oss.sonatype.org/content/repositories/snapshots</url>
<layout>default</layout>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
-
Add the module to your
pom.xmlfile as a dependency. -
Build your project.
-
Deploy it to a target machine and point your domain name to the IP address of that machine. LetsEncrypt validates your ownership of the domain by making a callback to the
http://your-domain/.well-known/acme-challenge/{token}endpoint exposed by this module. -
Make sure that your server has
opensslavailable on its$PATH. -
To activate
spring-boot-starter-acmeand generate a certificate execute:
sudo java -Dserver.port=80 -Dacme.enabled=true -Dacme.domain-name=<YOUR_DOMAIN_NAME> -Dacme.accept-terms-of-service=true -jar mysecureapp-0.0.1-SNAPSHOT.jar
-
Check your console for a confirmation that the certificate was successfully generated.
-
Stop your application and configure it to make use of the generated certificate:
server.port=443
server.ssl.key-store=keystore.p12
server.ssl.key-store-password=password
server.ssl.keyStoreType=PKCS12
| Name | Description | Type | Default Value |
|---|---|---|---|
| acme.enabled | Activate the spring-boot-starter-acme module | boolean | false |
| acme.accept-terms-of-service | Accepts the CA's terms of service | boolean | false |
| acme.domain-name | The domain name to register the SSL cert for | string | |
| acme.user-key-file | The location of the user private key file | string | user.key |
| acme.domain-key-file | The location of the domain private key file | string | domain.key |
| acme.domain-csr-file | The location of the domain csr file | string | domain.csr |
| acme.domain-chain-file | The location of the domain chain file | string | domain-chain.crt |
| acme.key-store-file | The location of the keystore file | string | keystore.p12 |
| acme.key-store-password | The keystore password | string | password |
| acme.endpoint | The acme endpoint to generate the cert with | string | acme://letsencrypt.org |
| CA | Env | URL |
|---|---|---|
| LetsEncrypt | Staging | acme://letsencrypt.org/staging |
| LetsEncrypt | Prod | acme://letsencrypt.org |
Version 2.0 of the Apache License.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent