Letsencypt Solr SSL JVM

Question

I have been trying to get this to work for days, but can anyone point me in the right direction (tutorial ect.) for how to get LetsEncypt certs to run in Solr?

I have a Rails site running on 443 with LetsEncrypt and have added solr on the same machine, on a different port. The Solr is running SSL with self-signed certs.

Can i use the same Certs for the main site as both the site and the solr can be accessed on the same URL?

Obviously the solr instance is secured via IP tables as it seemed an easyier setup than reverse proxying while trying to use the same cert.

Any pointers or hints greatly appreciated!

Thanks

Answer 1

Sometimes i overlook the obvious!

As i have a key for the Domain already, and Solr responds on mydomain.com:8983 all that is needed is to create a Java Key Store (jks) from the existing keys on the system.

So all that was needed is

openssl pkcs12 -export -in /etc/letsencrypt/live/mydomain.com/fullchain.pem -inkey /etc/letsencrypt/live/mydomain.com/privkey.pem -out pkcs.p12 -name NAME

specifing the location of the Lets-Encrypt Cert (on my system /etc/letsencrypt/live/mydomain.com/)

Then convert the PKCS12 key to a jks...

keytool -importkeystore -deststorepass PASSWORD_STORE -destkeypass PASSWORD_KEYPASS -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass STORE_PASS -alias NAME

replacing password where needed.

I would have thought the best practace here would be to Automate this in a bash script to be run when the Lets-encrypt certs are renewed.