I was recently asked “has anyone used BPM Run on its own with Let’s Encrypt?” and, since I’m doing that, I can answer!
In case you’re trying to do this too:
You need to package the Let's Encrypt files up as a PKCS12 keystore. The following command does that:
openssl pkcs12 -export -out certificate.p12 -inkey /etc/letsencrypt/live/<server-name>/privkey.pem -in /etc/letsencrypt/live/<server-name>/cert.pem -certfile /etc/letsencrypt/live/<server-name>/chain.pem
Which will create the certificate.p12 file. Then add:
server:
  ssl:
    key-store: classpath:certificate.p12
    key-store-password: <password>
    key-store-type: pkcs12
    key-alias: <server alias>
    key-password: <password>
  port: 8443
(or whatever port you want) to your configuration/production.yml file (or default.yml if you want).
The certificate.p12 file should be in your configuration/keystore directory in order to be found.
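Since the keystore has to be rebuilt every time the Let's Encrypt certificate renews, here is the export step as a small shell function (an added example, not part of the original post). It takes the password from the environment instead of a prompt, writes the file owner-only, and uses -name to set the alias that key-alias has to match; the function names, KEYSTORE_PASS and the bpmrun alias are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumed names: build_keystore,
# keystore_alias, KEYSTORE_PASS, and the "bpmrun" alias in the usage line.
# Usage: KEYSTORE_PASS=... build_keystore /etc/letsencrypt/live/<server-name> \
#            configuration/keystore/certificate.p12 bpmrun

# build_keystore LIVE_DIR OUT_FILE ALIAS
build_keystore() {
    local live_dir="$1" out="$2" key_alias="$3" f tmp
    # Password comes from the environment, so it never shows up in argv or ps.
    [ -n "${KEYSTORE_PASS:-}" ] || { echo "KEYSTORE_PASS is not set" >&2; return 2; }
    export KEYSTORE_PASS
    for f in privkey.pem cert.pem chain.pem; do
        [ -r "$live_dir/$f" ] || { echo "cannot read $live_dir/$f" >&2; return 3; }
    done
    # mktemp creates the file mode 0600; build there, then rename into place so
    # a failed export never leaves a half-written keystore behind.
    tmp=$(mktemp "$out.XXXXXX") || return 4
    if ! openssl pkcs12 -export -out "$tmp" \
            -inkey "$live_dir/privkey.pem" -in "$live_dir/cert.pem" \
            -certfile "$live_dir/chain.pem" \
            -name "$key_alias" -passout env:KEYSTORE_PASS; then
        rm -f "$tmp"
        return 5
    fi
    mv -f "$tmp" "$out"
}

# keystore_alias FILE: print the alias (friendlyName) stored with the certificate.
keystore_alias() {
    openssl pkcs12 -in "$1" -passin env:KEYSTORE_PASS -nokeys -clcerts 2>/dev/null |
        sed -n 's/^ *friendlyName: *//p' | head -n 1
}
```

The resulting file is readable only by the account that ran the function, so run it as (or hand the file over to) the account BPM Run runs under.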
Hope this helps someone!
dg