Sep 19, 2018

How to install letsencrypt free ssl to glassfish server on Amazon EC2

visit certbot and follow the instructions below to setup your system

$ sudo ./path/to/certbot-auto certonly --debug

How would you like to authenticate with the ACME CA?
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

1: Enter a new webroot

Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Input the webroot for (Enter 'c' to cancel): /opt/glassfish3/glassfish/domains/domain1/docroot

Select the webroot for
1: Enter a new webroot
2: /opt/glassfish3/glassfish/domains/domain1/docroot
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

 - Congratulations! Your certificate and chain have been saved at
   Your cert will expire on 2017-10-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

Automate importing certificate to glassfish

for further reading
Now we import the certificates. Make the following script and save it as to automate the process then run it with the command
$ bash

#note that chageit is the default keystore password

mkdir etc
cd etc

sudo openssl pkcs12 -export -in $LIVE/cert.pem -inkey $LIVE/privkey.pem -out cert_and_key.p12 -name myalias -CAfile $LIVE/chain.pem -caname root -password pass:$KEYSTOREPW
sudo keytool -importkeystore -destkeystore keystore.jks -srckeystore cert_and_key.p12 -srcstoretype PKCS12 -alias myalias -srcstorepass $KEYSTOREPW -deststorepass $KEYSTOREPW -destkeypass $KEYSTOREPW
sudo keytool -import -noprompt -trustcacerts -alias root -file $LIVE/chain.pem -keystore keystore.jks -srcstorepass $KEYSTOREPW -deststorepass $KEYSTOREPW -destkeypass $KEYSTOREPW

sudo openssl pkcs12 -export -in $LIVE/fullchain.pem -inkey $LIVE/privkey.pem -out pkcs.p12 -name glassfish-instance -password pass:$KEYSTOREPW
sudo keytool -importkeystore -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -alias glassfish-instance -srcstorepass $KEYSTOREPW -deststorepass $KEYSTOREPW -destkeypass $KEYSTOREPW
sudo openssl pkcs12 -export -in $LIVE/fullchain.pem -inkey $LIVE/privkey.pem -out pkcs.p12 -name s1as -password pass:$KEYSTOREPW
sudo keytool -importkeystore -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -alias s1as -srcstorepass $KEYSTOREPW -deststorepass $KEYSTOREPW -destkeypass $KEYSTOREPW

sudo keytool -list -keystore keystore.jks -storepass $KEYSTOREPW

sudo cp -f keystore.jks $GFDOMAIN/config/

sudo service glassfish stop
sudo service glassfish start

cd ..
sudo rm -rf etc

Restart glassfish