LetsEncrypt Export to additional formats

  • It would be nice to have an option to convert/export ssl keys to PKCS12 (and other common formats) for easy use for javastore apps from LetsEncrypt panel page. I have a couple that I issue ssl to to my personal services. Openfire and Subsonic music streamer just to mention them. I know it is easy to generate what one needs for these particular scenarios in the terminal with the keys shown under Domain | Manage SSL certificate, but I am thinking of customers that may not have the knowledge to pull it off and not leave it to the server owner/admin. It will save time and manual intervention for the server owner, especially if they have lots of users/customers with that particular need. It would make issuing new certs every 3 months easier to non apache/nginx apps. Just a suggestion.

    Lucky for me, I only host my stuff and just a couple for friends and family, so my heart would not be broken if this is not viable as I am the only one on my server with that kind of need and I have done it manually for years anyway. Doing it 4 times a year will not hurt me too much ... HAHA 8|

    Many Thanks to you all ... :D

    “Life is all an Elaborate Hoax”

  • You need PKCS#12 for SSL private key, issued SSL certificate (or both in same file) and also intermediate certificate?


  • Private Key and Certificate for sure. Intermediate if not already in trust from vendor.

    I have read a little about LetsEncrypt and Javastore trust from this site, http://stackoverflow.com/quest…lets-encrypt-certificates , for your info.

    When I have to issue myself, I must use private key, certificate and Intermediate on first instance (lets say when I issue for Openfire), then after that, only private key and certificate when I issue for Subsonic as Intermediate is already in javastore.

    That is why I stated if not viable to implement, it wouldn't hurt my feelings. It sounds tricky to me with the variables involved and a lot of work, which you all work a lot as is ...

    Even if one can export easily from user panel, one still has to use terminal to import cert for Subsonic, but it would save a few steps in the process. Openfire has GUI in admin console for ssl, so that is quite easy for the newbie ... These are the only non apache apps I have ever used.

    “Life is all an Elaborate Hoax”

  • Some links for you:

    That shouldn't be so hard to implement in PHP but this is not really linked to the LetsEncrypt plugin. This should be done in core ;)


  • The link to letsencrypt-jetty.sh you provided is basically how I have been doing it ...

    I appreciate the input and your help. Don't have too much fun ... 8)

    “Life is all an Elaborate Hoax”

  • Just for any LetsEncrypt and Subsonic users, I am listing what I do when it comes time to renew cert for Subsonic and it works for me. Just execute commands below and answer any questions it asks you. I am keeping this in same post as to not have too many results for a search of Subsonic and SSL.

    cd /etc/letsencrypt/live/<domain>

    cat privkey.pem > subsonic.crt
    cat cert.pem >> subsonic.crt
    cat chain.pem >> subsonic.crt

    openssl pkcs12 -in subsonic.crt -export -out subsonic.pkcs12

    keytool -importkeystore -srckeystore subsonic.pkcs12 -destkeystore subsonic.keystore -srcstoretype PKCS12 -srcalias 1 -destalias subsonic

    zip /usr/share/subsonic/subsonic-booter-jar-with-dependencies.jar subsonic.keystore

    service subsonic restart

    Voila, you should be good to go ...

    Thanks and I hope this helps 8)

    “Life is all an Elaborate Hoax”