Page 1 of 1

How to Import Let's Encrypt Certificates?

Posted: 22 Dec 2015, 11:32
by KaeTuuN
Hi everyone,

I'm using a SSL Certificate from letsencrypt. org and I don't know how to import it into Madsonic.
I've found the following guide to import a StartSSL certificate: http://forum.subsonic.org/forum/viewtop ... 77&p=44021
But I'm not able to use this Manual to Import the Let's Encrypt Certificates.
I hope that someone can help me.

Here ist my configuration:

Code: Select all

=========================================================================================
 VERSION:           MADSONIC 6.0 | BUILD: 7820
 SERVER:            CPU: CORE i3-4130 | ARCH: X64 | MEMORY: 8GB | HDD: 6TB | SSD: 512GB
 OS:                LINUX MINT 17.3
 SYSTEM:            SERVER
 INSTALLER:         DEB
 JAVA:              OPEN JDK 1.7
 BROWSER:           ALL
 Certificate Files: cert.pem | chain.pem | fullchain.pem | privkey.pem
=========================================================================================
Greetings
Kae
(Why the **** am I not allowed to post Links!?)

Re: How to Import Let's Encrypt Certificates?

Posted: 20 Jan 2016, 02:08
by Zetlali
Let's Encrypt doesn't utilize a password when the certificate is generated. So you basically need to create a new keystore, import the keypair (cert.pem and privkey.pem), and then append your certificate chain. On Windows, I just use Keystore Explorer. It makes this whole process take like 6 seconds and I don't need to remember all the command line crap.

Instructions using Keystore Explorer:

1. Open Keystore Explorer and select "Create a new Keystore"
2. Select "JKS"
3. Right Click in the blank space (or hit Ctrl K) and choose "Import KeyPair"
4. Select "PKCS #8"
5. Uncheck "Encrypt Private Key" then
6. For "PKCS #8 Private Key File" choose your privkey.pem
7. For "Certificate File" choose cert.pem
8. Click Import.
9. It will ask you to select an Alias. (It defaults to your domain) Based on the linux instructions you provided, you may want to use subsonic
10. It will ask you to create a keypair password. (Use subsonic based on the instructions you linked)
11. You should now have an entry with whatever Alias you used. Right click on the entry and choose "Edit Certificate Chain" > "Append Certificate."
12. Select your chain.pem
13. Save the file when finished. (e.g. madsonic.keystore) It will ask you to create a Keystore Password. (Use madsonic based on the instructions you linked.)

Once you have the keystore, you can replace the madsonic.keystore in madsonic-booter.jar.

On Windows you don't actually need to mess with the jar files. You can just edit madsonic-service.exe.vmoptions and add these two lines:

-Dmadsonic.ssl.keystore=C:\madsonic\mykeystore.keystore
-Dmadsonic.ssl.password=yourpassword

I imagine on Linux there is a similar configuration option.

Re: How to Import Let's Encrypt Certificates?

Posted: 23 Jan 2016, 12:15
by KaeTuuN
Thank you very much, for your help. But it's still not working. :(
I did everything as you told me, but if I try to connect my Keystore with madsonic, the service won't start again.
I tried to import the Keystore to the .jar File as well as editing the madsonic.sh, adding

Code: Select all

-Dmadsonic.ssl.keystore=/usr/share/madsonic/madsonic.keystore
-Dmadsonic.ssl.password=<mypassword>
I don't know what else I can do. And without the Certificate the service is nearly useless for me. :(

Greetings Kae

Re: How to Import Let's Encrypt Certificates?

Posted: 22 Mar 2017, 13:29
by KaeTuuN

Code: Select all

=========================================================================================
 VERSION:      MADSONIC 6.2 | BUILD: 9040
 SERVLET:      TOMCAT 8
 SERVER:       CPU: Core i3-6100 | ARCH: X64 | MEMORY: 16GB | HDD: 6TB + 3TB | SSD: 128GB |
 OS:           Linux Mint 18.1 including Debian like hardening
 SYSTEM:       SERVER
 INSTALLER:    WAR File
 JAVA:         ORACLE JDK 1.8
 BROWSER:      does not matter
 CLIENT:       does not matter
 CERT FILES:   cert.pem | chain.pem | fullchain.pem | privkey.pem
=========================================================================================
That's my actual configuration.
I did the steps mentioned for the Keystore Explorer, but I don't know where to import it. I can't find any JAR or madsonic.sh file. :(

Thanks for help!
Kae

Re: How to Import Let's Encrypt Certificates?

Posted: 09 Apr 2017, 13:53
by gab
Hello everyone,

I also tried to import a Let's Encrypt certificate by genereting the keystore file and adding the "-Dmadsonic.ssl.keystore" and "-Dmadsonic.ssl.password" lines in my madsonic.sh file. But then madsonic is not working. Has someone an idea about the issue?

Thanks in advance.

Re: How to Import Let's Encrypt Certificates?

Posted: 03 May 2017, 01:20
by Zetlali
gab wrote:Hello everyone,

I also tried to import a Let's Encrypt certificate by generating the keystore file and adding the "-Dmadsonic.ssl.keystore" and "-Dmadsonic.ssl.password" lines in my madsonic.sh file. But then madsonic is not working. Has someone an idea about the issue?

Thanks in advance.
I tested this on ubuntu and had no issues. Some tips,

1. Create your keystore name as madsonic.keystore with a password of "madsonic".
2. In /usr/share/madsonic/madsonic.sh enable the SSL port:
  • MADSONIC_HTTPS_PORT=443
3. Add these two lines near the bottom of madsonic.sh
  • -Dmadsonic.ssl.keystore=/pathto/madsonic.keystore \
    -Dmadsonic.ssl.password=madsonic \
4. Restart services.

If you have an issue with the services starting, post the output of /var/madsonic/madsonic_sh.log