How to Import Let's Encrypt Certificates?

Need help? Post your questions here.
KaeTuuN
Posts: 40
Joined: 09 Feb 2015, 23:30
Has thanked: 5 times
Been thanked: 18 times

How to Import Let's Encrypt Certificates?

Unread post by KaeTuuN »

Hi everyone,

I'm using a SSL Certificate from letsencrypt. org and I don't know how to import it into Madsonic.
I've found the following guide to import a StartSSL certificate: http://forum.subsonic.org/forum/viewtop ... 77&p=44021
But I'm not able to use this Manual to Import the Let's Encrypt Certificates.
I hope that someone can help me.

Here ist my configuration:

Code: Select all

=========================================================================================
 VERSION:           MADSONIC 6.0 | BUILD: 7820
 SERVER:            CPU: CORE i3-4130 | ARCH: X64 | MEMORY: 8GB | HDD: 6TB | SSD: 512GB
 OS:                LINUX MINT 17.3
 SYSTEM:            SERVER
 INSTALLER:         DEB
 JAVA:              OPEN JDK 1.7
 BROWSER:           ALL
 Certificate Files: cert.pem | chain.pem | fullchain.pem | privkey.pem
=========================================================================================
Greetings
Kae
(Why the **** am I not allowed to post Links!?)
Zetlali
Posts: 7
Joined: 09 May 2013, 21:28
Has thanked: 1 time
Been thanked: 6 times

Re: How to Import Let's Encrypt Certificates?

Unread post by Zetlali »

Let's Encrypt doesn't utilize a password when the certificate is generated. So you basically need to create a new keystore, import the keypair (cert.pem and privkey.pem), and then append your certificate chain. On Windows, I just use Keystore Explorer. It makes this whole process take like 6 seconds and I don't need to remember all the command line crap.

Instructions using Keystore Explorer:

1. Open Keystore Explorer and select "Create a new Keystore"
2. Select "JKS"
3. Right Click in the blank space (or hit Ctrl K) and choose "Import KeyPair"
4. Select "PKCS #8"
5. Uncheck "Encrypt Private Key" then
6. For "PKCS #8 Private Key File" choose your privkey.pem
7. For "Certificate File" choose cert.pem
8. Click Import.
9. It will ask you to select an Alias. (It defaults to your domain) Based on the linux instructions you provided, you may want to use subsonic
10. It will ask you to create a keypair password. (Use subsonic based on the instructions you linked)
11. You should now have an entry with whatever Alias you used. Right click on the entry and choose "Edit Certificate Chain" > "Append Certificate."
12. Select your chain.pem
13. Save the file when finished. (e.g. madsonic.keystore) It will ask you to create a Keystore Password. (Use madsonic based on the instructions you linked.)

Once you have the keystore, you can replace the madsonic.keystore in madsonic-booter.jar.

On Windows you don't actually need to mess with the jar files. You can just edit madsonic-service.exe.vmoptions and add these two lines:

-Dmadsonic.ssl.keystore=C:\madsonic\mykeystore.keystore
-Dmadsonic.ssl.password=yourpassword

I imagine on Linux there is a similar configuration option.
These users thanked the author Zetlali for the post (total 4):
miso2004KaeTuuNMadsonicMatt Zornig
Rating: 30.77%
KaeTuuN
Posts: 40
Joined: 09 Feb 2015, 23:30
Has thanked: 5 times
Been thanked: 18 times

Re: How to Import Let's Encrypt Certificates?

Unread post by KaeTuuN »

Thank you very much, for your help. But it's still not working. :(
I did everything as you told me, but if I try to connect my Keystore with madsonic, the service won't start again.
I tried to import the Keystore to the .jar File as well as editing the madsonic.sh, adding

Code: Select all

-Dmadsonic.ssl.keystore=/usr/share/madsonic/madsonic.keystore
-Dmadsonic.ssl.password=<mypassword>
I don't know what else I can do. And without the Certificate the service is nearly useless for me. :(

Greetings Kae
KaeTuuN
Posts: 40
Joined: 09 Feb 2015, 23:30
Has thanked: 5 times
Been thanked: 18 times

Re: How to Import Let's Encrypt Certificates?

Unread post by KaeTuuN »

Code: Select all

=========================================================================================
 VERSION:      MADSONIC 6.2 | BUILD: 9040
 SERVLET:      TOMCAT 8
 SERVER:       CPU: Core i3-6100 | ARCH: X64 | MEMORY: 16GB | HDD: 6TB + 3TB | SSD: 128GB |
 OS:           Linux Mint 18.1 including Debian like hardening
 SYSTEM:       SERVER
 INSTALLER:    WAR File
 JAVA:         ORACLE JDK 1.8
 BROWSER:      does not matter
 CLIENT:       does not matter
 CERT FILES:   cert.pem | chain.pem | fullchain.pem | privkey.pem
=========================================================================================
That's my actual configuration.
I did the steps mentioned for the Keystore Explorer, but I don't know where to import it. I can't find any JAR or madsonic.sh file. :(

Thanks for help!
Kae
gab
Posts: 1
Joined: 09 Apr 2017, 13:31
Has thanked: 0
Been thanked: 0

Re: How to Import Let's Encrypt Certificates?

Unread post by gab »

Hello everyone,

I also tried to import a Let's Encrypt certificate by genereting the keystore file and adding the "-Dmadsonic.ssl.keystore" and "-Dmadsonic.ssl.password" lines in my madsonic.sh file. But then madsonic is not working. Has someone an idea about the issue?

Thanks in advance.
Zetlali
Posts: 7
Joined: 09 May 2013, 21:28
Has thanked: 1 time
Been thanked: 6 times

Re: How to Import Let's Encrypt Certificates?

Unread post by Zetlali »

gab wrote:Hello everyone,

I also tried to import a Let's Encrypt certificate by generating the keystore file and adding the "-Dmadsonic.ssl.keystore" and "-Dmadsonic.ssl.password" lines in my madsonic.sh file. But then madsonic is not working. Has someone an idea about the issue?

Thanks in advance.
I tested this on ubuntu and had no issues. Some tips,

1. Create your keystore name as madsonic.keystore with a password of "madsonic".
2. In /usr/share/madsonic/madsonic.sh enable the SSL port:
  • MADSONIC_HTTPS_PORT=443
3. Add these two lines near the bottom of madsonic.sh
  • -Dmadsonic.ssl.keystore=/pathto/madsonic.keystore \
    -Dmadsonic.ssl.password=madsonic \
4. Restart services.

If you have an issue with the services starting, post the output of /var/madsonic/madsonic_sh.log
These users thanked the author Zetlali for the post:
Madsonic
Rating: 7.69%
Post Reply