I successfully generated a Let's Encrypt certificate for my site using the certbot standalone server, but now I want to move those into a Payara Micro container for production. Payara Micro allows me to put asadmin commands in pre/post scripts that it picks up and runs.
First, here is the docker command to create the container:
docker run -p 8765:8090 \
--mount type=bind,src=$(pwd)/deployments,dst=/opt/payara/deployments \
--mount type=bind,src=$(pwd)/lib,dst=/opt/payara/lib \
--mount type=bind,src=$(pwd)/cert,dst=/opt/payara/cert \
--mount type=bind,src=$(pwd)/scripts,dst=/opt/payara/scripts \
--env-file payara.env \
--restart=always \
payara/micro:5.191 \
--prebootcommandfile /opt/payara/scripts/preboot.asadmin \
--addlibs /opt/payara/lib \
--deploy /opt/payara/deployments/MyApp.war \
--sslport 8090 \
--sslcert le_myapp \
--contextroot ROOT
The preboot.asadmin script has one line:
add-pkcs8 --domain_name production --destalias "le_myapp" --priv-key-path /opt/payara/cert/privkey.pem --cert-chain-path /etc/letsencrypt/opt/payara/cert/fullchain.pem
Of course, registering the cert fails, and the log doesn't provide any useful information as to why it failed:
[2019-05-29T16:41:48.329+0000] [] [WARNING] [] [fish.payara.boot.runtime.BootCommand] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1559148108329] [levelValue: 900] Boot Command add-pkcs8 failed Exception while executing command.
[2019-05-29T16:41:48.999+0000] [] [INFO] [] [fish.payara.boot.runtime.BootCommand] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1559148108999] [levelValue: 800] [[
Boot Command set returned with result SUCCESS : PlainTextActionReporterSUCCESSDescription: set AdminCommandnull
configs.config.server-config.network-config.network-listeners.network-listener.https-listener.port=8090
]]
[2019-05-29T16:41:49.042+0000] [] [INFO] [] [fish.payara.boot.runtime.BootCommand] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1559148109042] [levelValue: 800] [[
Boot Command set returned with result SUCCESS : PlainTextActionReporterSUCCESSDescription: set AdminCommandnull
configs.config.server-config.network-config.network-listeners.network-listener.https-listener.enabled=true
]]
[2019-05-29T16:41:49.114+0000] [] [INFO] [] [fish.payara.boot.runtime.BootCommand] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1559148109114] [levelValue: 800] [[
Boot Command set returned with result SUCCESS : PlainTextActionReporterSUCCESSDescription: set AdminCommandnull
configs.config.server-config.network-config.protocols.protocol.https-listener.ssl.cert-nickname=le_myapp
]]
UPDATE 1:
I filed an issue at payara/Payara/issues/4010 because I think it's a problem with the command on the Micro edition. If there is an update to that issue I will post an update here.
UPDATE 2:
As suggested on the GitHub issue, I removed --domain_name production from the command. I even tried the non-micro payara/server-web:5.192. Neither worked. Applying the same asadmin command on a native installation works just fine.