LetsEncrypt:LetsEncrypt

时间:2016-11-04 12:07:37

标签: java ssl lets-encrypt etherpad

我们目前正在使用LetsEncrypt SSL证书并且它运行良好。经过一些修改后,我们也可以将它拉入Tomcat和Apache Web服务器。

目前,我们希望将LetsEncrypt证书添加到Etherpad,它需要intermediate CA个文件。如何从LetsEncrypt提供的4个证书文件中获取这些文件。谢谢..

LetsEncrypt SSL设置:

 "ssl" : {
            "key"  : "/path-to-your/epl-server.key",
            "cert" : "/path-to-your/epl-server.crt",
            "ca": ["/path-to-your/epl-intermediate-cert1.crt", "/path-to-your/epl-intermediate-cert2.crt"]
          },

在上面的配置中,我假设Key是privkey.pem转换为.key文件,而.crt是cert.pem转换为cert.crt。 CA的内容是什么?

谢谢。

更新

设置:

 "ssl" : {
            "key"  : "/etc/letsencrypt/live/www.project_name.de-0001/private.key",
            "cert" : "/etc/letsencrypt/live/www.project_name.de-0001/cert.crt",
            "ca": "/etc/letsencrypt/live/www.project_name.de-0001/root.crt"
          },

尝试按键时的错误日志:

[2016-11-04 13:25:15.612] [INFO] console - Report bugs at https://github.com/ether/etherpad-lite/issues
[2016-11-04 13:25:15.612] [INFO] console - Your Etherpad version is 1.6.0 (7dd934f)
[2016-11-04 13:25:15.613] [INFO] console - SSL -- enabled
[2016-11-04 13:25:15.613] [INFO] console - SSL -- server key file: /etc/letsencrypt/live/www.project_name.de-0001/private.key
[2016-11-04 13:25:15.614] [INFO] console - SSL -- Certificate Authority's certificate file: /etc/letsencrypt/live/www.project_name.de-0001/cert.crt
[2016-11-04 13:25:15.615] [ERROR] console - Error: EISDIR: illegal operation on a directory, read

1 个答案:

答案 0 :(得分:1)

在与chain.pem相同的目录中应该有一个名为cert.pem的文件,其中包含直到根CA的证书链(对于我的证书,它只有一个证书,但这可能会在未来),应该是你要求的。

$ ls live/my.domain.com/
cert.pem  chain.pem  fullchain.pem  privkey.pem

我不熟悉Etherpad,但我的猜测是你应该这样配置:

 "ssl" : {
            "key"  : "/etc/letsencrypt/live/www.project_name.de-0001/private.key",
            "cert" : "/etc/letsencrypt/live/www.project_name.de-0001/cert.pem",
            "ca": "/etc/letsencrypt/live/www.project_name.de-0001/chain.pem"
          },