How to run HTTPS on spring boot with valid certificate

Port 80 should be open and free to use as Let's Encrypt runs a small http server behind the scene to prove whether you control your domain address (ACME protocol).

1. You need to fetch the source code of Let's Encrypt on your server which your domain address is pointing to. This step may take a couple minutes.
   
   $ git clone https://github.com/certbot/certbot 
   
   
   
   
   
   
   $ cd certbot
   
   
   
   
   
   
   $ ./certbot-auto --help
   
   
   Remark: Python 2.7.8 (or above) should be installed beforehand.
2. By executing following command in your terminal, Let's Encrypt generates certificates and a private key for you.
   $ ./certbot-auto certonly -a standalone \

        -d seeld.eu -d www.seeld.eu
   Keys are generated in /etc/letsencrypt/live/seeld.eu. Remark: 'certonly' - means that this command does not come with any special plugin like Apache or Nginx. 'standalone' -  means that Let's encrypt will automatically create a simple web server on port 80 to prove you control the domain.

How to Generate PKCS12 Files From PEM Files

Certificates and private keys are generated in 2 steps for free which shows the simplicity of Let's Encrypt. All of these generated materials are with PEM extension which is not supported in Spring Boot. Spring-Boot does not support PEM files generated by Let’s Encrypt. Spring Boot supports PKCS12 extension. Using OpenSSL, we convert our certificate and private key to PKCS12.

To convert the PEM files to PKCS12 version:

1. Go to /etc/letsencrypt/live/seeld.eu
2. We convert the keys to PKCS12 using OpenSSL in the terminal as follows.
   $ openssl pkcs12 -export -in fullchain.pem \ 

                    -inkey privkey.pem \ 

                    -out keystore.p12 

                    -name tomcat \

                    -CAfile chain.pem \

                    -caname root

The file 'keystore.p12' with PKCS12 is now generated in '/etc/letsencrypt/live/seeld.eu'.

Configuration of Your Spring Boot Application

Now we want to configure our Spring Boot application to benefit from the certificate and the private key; and eventually have the HTTPS thingy ready. At this moment, we already generated our certificate and private key. Then we converted the keys to PKCS12 extension which is ready to be used for a Spring application.

1. Open your 'application.properties'
2. Put this configuration there.
   server.port: 8443

   security.require-ssl=true

   server.ssl.key-store:/etc/letsencrypt/live/seeld.eu/keystore.p12

   server.ssl.key-store-password: <your-password>

   server.ssl.keyStoreType: PKCS12

   server.ssl.keyAlias: tomcat
   Remark'require-ssl' - means that your server only processes HTTPS-protected requests.

If you visit https://seeld.eu:8443, you can see that HTTPS is successfully configured and most importantly working. For the sake of our project, we did some additional steps to have HTTPS working with port 80, you can browse it with the https://seeld.eu URL.

Renewal Process

Let's Encrypt certificates are only valid for 90 days. Some may say 3 months is too short comparing to validity period of certificates offered by other providers. They have two motivations for this strict decision: (1) limiting damage from key compromise or mis-issuance; (2) encouraging automation. So let's get started!

1. Open your Let's Encrypt client directory, I mean the certbot. Remarks: On the same machine that certificates and keys are located. Please read all of the remarks from sections, such as having python installed, having port 80 open, etc.
2. Run the renew command as follows.

3. $ sudo ./certbot-auto renew

4. This command checks the expiry date of certificates located in this machine (managed by Let's Encrypt), and renew the ones that are either expired or about to expire.

We have new certificates, as simple as that!

As discussed in the section: Spring-Boot does not support PEM files generated by Let’s Encrypt. Spring Boot supports PKCS12 extension. Using OpenSSL, we convert our certificate and private key to PKCS12.

Preparation for Spring Boot

Let's create a PKCS#12 key store!

1. Go to /etc/letsencrypt/live/seeld.eu
2. We convert the keys to PKCS12 using OpenSSL in the terminal as follows.
   $ openssl pkcs12 -export -in fullchain.pem \ 

                    -inkey privkey.pem \ 

                    -out keystore.p12 

                    -name tomcat \

                    -CAfile chain.pem \

                    -caname root

The file ‘keystore.p12’ with PKCS12 is now generated in ‘/etc/letsencrypt/live/seeld.eu’.

But wait!

I assume the machine that you're woking on is the one with running Spring Boot. It means that we're not done yet! The previous ‘keystore.p12’ is still in the memory, meaning that you need to restart your application! 

It's not always viable to simply restart a running application. There might be other ways to update it without restarting but it's not in the scope of this post.

The Take-Home Message

In this post, we saw how to issue, renew a Let's Encrypt certificate, and most importantly, integrate it with Spring Boot. If you really don't unnecessarily play with configurations, it takes less than 5 minutes to have all things ready.

The main takeaway message for me is that Let's Encrypt makes (re-)issuing certificates incredibly faster, easier, and cheaper for everyone, no matter how many services you manage! You should start having HTTPS as soon as possible.

how i solved the problem of .htaccess not working properly

here is solution for ubuntu and apache

First enable module rewrite:

sudo a2enmod rewrite 


And restart apache

sudo systemctl restart apache2

Now edit for directory level

sudo vim /etc/apache2/sites-enabled/000-default.conf

add these lines at end


    AllowOverride All

and restart apache again.

sudo service apache2 restart

how I solved PHP Parse error: syntax error, unexpected end of file

Initially when I deployed my PHP code on ubuntu server, I asssumed whole PHP web application will work fine, but it was not.

I start getting this error PHP Parse error:  syntax error, unexpected end of file at Line 737.


After long introspection into code , executed following changes :


1. Open php.ini with nano in terminal

     

sudo nano /etc/php/php5.6/apache2/php.ini
2. Then change:

   short_open_tag = Off    to   short_open_tag = On



3.  Then save and then restart apache2:


  sudo systemctl restart apache2


4. Modify the .conf file


The first thing we must do is modify the main Apache 2 configuration file. To do this, open a terminal window and issue the command:


sudo nano /etc/apache2/apache2.conf


With apache2.conf open, all you have to do is add the following to the bottom of the file:



​SetHandler application/x-httpd-php

​

Save and close apache2.conf.


5. Enable/disable modules


In order to get PHP to function properly, you have to disable the mpm_event module and enable the mpm_prefork and php7 modules. To do this, go back to your terminal window and issue the command:


sudo a2dismod mpm_event && sudo a2enmod mpm_prefork && sudo a2enmod php7.0


6. Restart Apache 2


You're ready to restart Apache 2. Because we've disabled/enabled modules, we have to do a full restart of Apache 2 (instead of a reloading of the configuration files). To restart Apache, go back to the terminal window and issue the command:


sudo service apache2 restart


You should now be able to point a browser to a PHP file and watch it execute properly, as opposed to saving to your local drive or displaying code in your browser.


That's it—Apache 2 should be functioning exactly as you need.