Certbot Automation for Java-based Servers (Cheat Sheet)

Photo of Kevin Moreland

Date published: 2018-03-20
Last updated: 2018-04-11

Automate everything, starting with your environment.

Certbot does not (as of this writing) allow you to customize the port number on which verification is performed. For servers such as Nginx, out-of-the-box support already lets you renew without taking your primary server offline. However, if you are operating an unsupported Java-based server, how might you go about automating Let's Encrypt renewals?

Bonus points for:

Once you've automated this by having it run daily, you'll be ready when Let's Encrypt starts shortening the lifetime of the certs. Attempting renewals starting at 30 days before expiration gives you plenty of chances and advance warning in case Let's Encrypt servers are down.
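The daily check and advance warning described above, as an added example that is not part of the original article: a POSIX shell check that classifies the certificate as outside the 30-day window, inside it, or close enough to expiry that the daily renewals must have been failing. It assumes `openssl` is installed; the function names, the 7-day alert threshold and the certificate path argument are assumptions.

```shell
#!/bin/sh
# Added example: daily expiry check for the certificate a Java server uses.
# Assumed, not from the article: function names, ALERT_DAYS, the path argument.

RENEW_WINDOW_DAYS=30   # the article: renewals are attempted from 30 days out
ALERT_DAYS=7           # assumed: this close to expiry, daily renewals keep failing

# expires_within FILE DAYS: 0 = expires within DAYS, 1 = does not, 2 = unreadable
expires_within() {
    # Reject missing files and non-certificates before judging the dates
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
    then return 1
    else return 0
    fi
}

# cert_status FILE: prints ok | renew | alert | unreadable
cert_status() {
    rc=0
    expires_within "$1" "$ALERT_DAYS" || rc=$?
    case $rc in
        0) echo alert; return 0 ;;
        2) echo unreadable; return 0 ;;
    esac
    if expires_within "$1" "$RENEW_WINDOW_DAYS"; then echo renew; else echo ok; fi
}

# daily_check FILE: meant for cron; a non-zero exit means a human should look
daily_check() {
    status=$(cert_status "$1")
    case $status in
        ok)    return 0 ;;
        renew) echo "$1: inside the ${RENEW_WINDOW_DAYS}-day renewal window"; return 0 ;;
        *)     echo "$1: $status, renewal needs attention" >&2; return 1 ;;
    esac
}

# Stand-alone use: sh this-script /path/to/fullchain.pem (path is a placeholder)
if [ "$#" -gt 0 ]; then daily_check "$1"; fi
```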

After everything is stable, submit your host to hstspreload.org and consider adding a CAA (Certification Authority Authorization) DNS record.