This is how I updated the keystore.jks to run with letsencrypt!!
- Register with any free dyndns provider (e.g. http://www.dnshome.de )
- Enter the access data in your router
The next step is a little bit tricky .. here is what I did
- install apache2
- enable port forwarding for port 80 in your router
- https://tutorials-raspberrypi.de/raspberry-pi-ssl-zertifikat-kostenlos-mit-lets-encrypt-erstellen/
The relevant certificate files are located here after running autocert:
/etc/letsencrypt/live/YOURDOMAIN
Then check this out (https://blog.codecentric.de/2013/01/selbstsignierte-zertifikate-aus-pem-dateien-in-java/)
- openssl pkcs12 -export -out keystore.p12 -inkey privkey.pem -in cert.pem
- keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore keystore.p12
- cp keystore.jks /home/pi/mycontroller/conf
Edit mycontroller.properties:
mcc.web.ssl.keystore.file=../conf/keystore.jks
mcc.web.ssl.keystore.password=mycontroller
mcc.web.ssl.keystore.type=JKS
mycontroller must be replaced by the passwort you choose during certificate export with openssl
You can now disable port forwarding for port 80 and enable port forwarding for port 8443 (be sure to choose a strong passwort)
Result:
!!! Valid certificate in all major browsers (chrome in my example) !!!