Let's Encrypt SSL Certificates

Let's Encrypt is a certificate authority that issues free SSL/TLS certificates, enabling secure HTTPS connections for domains.^[400-devops__02-OS-and-Linux-Basics__network__free-domain.md]

Certificate Generation

A common tool for requesting and renewing Let's Encrypt certificates is Certbot.^[400-devops__02-OS-and-Linux-Basics__network__free-domain.md] To verify domain ownership during certificate issuance, Let's Encrypt performs a validation check at a specific path on the web server: EXAMPLE.COM/.well-known/acme-challenge/. The web server must serve that path to the outside for the check to succeed.^[400-devops__02-OS-and-Linux-Basics__network__free-domain.md]

Configuration and File Formats

Let's Encrypt typically issues certificate files that may need to be converted or combined depending on the server software. For instance, a private key (private.key), a certificate (certificate.crt), and a CA bundle (ca_bundle.crt) can be combined into a single PKCS12 file (e.g., tls.pfx) using openssl^[400-devops__02-OS-and-Linux-Basics__network__free-domain.md].
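One way to do the openssl step described above, as an added example that is not from the source page. The file names follow the page; the function names, the PFX_PASS environment variable and the "tomcat" alias are assumptions of this example. It refuses an empty export password and checks that the private key matches the certificate before bundling.

```bash
#!/bin/sh
# Added example, not from the source page. File names follow the page;
# build_pfx, check_pfx, PFX_PASS and the "tomcat" alias are assumptions.

# Bundle key + certificate + CA chain into a password-protected PKCS12 file.
# Usage: PFX_PASS=... build_pfx private.key certificate.crt ca_bundle.crt tls.pfx
# Exit codes: 2 = no password, 3 = unreadable input, 4 = key/cert mismatch.
build_pfx() (
  # The bundle contains the private key, so refuse an empty export password.
  [ -n "${PFX_PASS:-}" ] || { echo "PFX_PASS must be non-empty" >&2; exit 2; }

  # Extract the public key from both inputs; they must be identical,
  # otherwise the server would present a certificate it cannot use.
  kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) ||
    { echo "cannot read private key: $1" >&2; exit 3; }
  cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ||
    { echo "cannot read certificate: $2" >&2; exit 3; }
  [ "$kpub" = "$cpub" ] ||
    { echo "private key does not match certificate" >&2; exit 4; }

  # Owner-only permissions for the new file; the subshell body keeps the
  # umask change from leaking into the caller.
  umask 077
  # Pass the password through the environment, not the command line,
  # so it does not show up in the process list.
  PFX_PASS="$PFX_PASS" openssl pkcs12 -export \
    -inkey "$1" -in "$2" -certfile "$3" \
    -name tomcat -out "$4" -passout env:PFX_PASS
)

# Return 0 only if the bundle opens with PFX_PASS and its MAC verifies.
check_pfx() {
  PFX_PASS="$PFX_PASS" openssl pkcs12 -in "$1" -noout \
    -passin env:PFX_PASS 2>/dev/null
}
```

The password used here is the value the server needs in keystorePass, so restrict read access to server.xml as well as to tls.pfx.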

Tomcat Example

To use these certificates with a Java-based server like Tomcat, the server.xml configuration file must be updated to point to the keystore file.^[400-devops__02-OS-and-Linux-Basics__network__free-domain.md]

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:\Users\yu_da\Desktop\apache-tomcat-8.5.83\conf\tls.pfx"
    keystoreType="PKCS12"
    keystorePass="" />
^[400-devops__02-OS-and-Linux-Basics__network__free-domain.md]

  • DevOps
  • [[Domain Name System (DNS)]]
  • [[Nginx]] (mentioned in source as a server context)
  • [[Tomcat]]

Sources

^[400-devops__02-OS-and-Linux-Basics__network__free-domain.md]