Camunda Platform Run with Let's Encrypt

I was recently asked “has anyone used BPM Run on its own with Let’s Encrypt?” and, since I’m doing that, I can answer!

In case you’re trying to do this too:

You need to package the LetsEncrypt stuff up as a pkcs12 keystore:
The following command is what you need in order to do that:
openssl pkcs12 -export -out certificate.p12 -inkey /etc/letsencrypt/live/<server-name>/privkey.pem -in /etc/letsencrypt/live/<server-name>/cert.pem -certfile /etc/letsencrypt/live/<server-name>/chain.pem

Which will create the certificate.p12 file. Then add:

  key-store: classpath:certificate.p12
  key-store-password: <password>
  key-store-type: pkcs12
  key-alias: <server alias>
  key-password: <password>
port: 8443

Or whatever port you want to your configuration/production.yml file (or default.yml if you want.

The certificate.p12 file should be in your configuration/keystore directory in order to be found.

Hope this helps someone!