Tuesday, 3 November 2020

Atlassian Confluence SSL with Let's Encrypt Certificates

Let's Encrypt and Atlassian Confluence

1. Install Certbot

sudo snap install core; sudo snap refresh core

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

2. Tomcat modification

Add to server.xml

<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"/>

This enables Tomcat to listen on Port 80.

Restart Tomcat

Open your firewall so that port 80 reaches your Confluence server.

3. Request your Certificate

certbot certonly --standalone -d confluence.yourdomain.com

4. Create P12 Certificate

openssl pkcs12 -export -out /tmp/confluence.p12 -in /etc/letsencrypt/live/confluence.yourdomain.com/fullchain.pem -inkey /etc/letsencrypt/live/confluence.yourdomain.com/privkey.pem -name tomcat

(Note your export password: you need it later in step 6 and for your server.xml.)

5. Prepare your Keystore

keytool -delete -alias tomcat -keystore <MY_KEYSTORE_FILENAME>

6. Import Let's Encrypt Certificate

keytool -importkeystore -deststorepass '1234' -destkeypass '1234' -destkeystore /opt/atlassian/confluence/ConfluenceKeyStore.jks -srckeystore /tmp/confluence.p12 -srcstoretype PKCS12 -srcstorepass '1234' -alias tomcat

7. Clean Up

Delete the entry added in step 2 from server.xml and check that the path to your new keystore and the password are correct.

Restart Confluence

Close Port 80 on your Firewall
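
Steps 4 to 6 as one script, as an added example that is not part of the original post: it writes the PKCS#12 bundle to a private temporary directory instead of /tmp, reads the password from a file rather than the command line, and checks the bundle against the issued certificate before importing. The function names and the single password file (used for both the bundle and the keystore, as in the commands above) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): steps 4-6 with the key bundle
# kept private and the password read from a file instead of the command line.
# Function names and the password-file convention are assumptions.

# Step 4: bundle fullchain.pem + privkey.pem into a PKCS#12 file (mode 0600).
build_p12() {  # build_p12 LIVE_DIR OUT_FILE PASS_FILE
  [ -r "$1/fullchain.pem" ] && [ -r "$1/privkey.pem" ] || return 2
  [ -s "$3" ] || return 3
  ( umask 077
    openssl pkcs12 -export -name tomcat -in "$1/fullchain.pem" \
      -inkey "$1/privkey.pem" -out "$2" -passout "file:$3" )
}

# Check: the leaf certificate inside the bundle is the one certbot issued.
verify_p12() {  # verify_p12 P12_FILE PASS_FILE LIVE_DIR
  local in_p12 on_disk
  in_p12=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null |
           openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 1
  on_disk=$(openssl x509 -in "$3/fullchain.pem" -noout -fingerprint -sha256) || return 1
  [ -n "$in_p12" ] && [ "$in_p12" = "$on_disk" ]
}

# Steps 5 and 6: replace the "tomcat" entry in the Java keystore.
import_p12() {  # import_p12 P12_FILE KEYSTORE PASS_FILE
  # Deleting a missing alias is not an error for this procedure.
  keytool -delete -alias tomcat -keystore "$2" -storepass:file "$3" >/dev/null 2>&1 || true
  keytool -importkeystore -noprompt -alias tomcat \
    -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:file "$3" \
    -destkeystore "$2" -deststorepass:file "$3" -destkeypass:file "$3"
}

# Run all steps when called as: script LIVE_DIR KEYSTORE PASS_FILE
if [ "$#" -eq 3 ]; then
  work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT  # bundle is removed on exit
  build_p12 "$1" "$work/confluence.p12" "$3" &&
    verify_p12 "$work/confluence.p12" "$3" "$1" &&
    import_p12 "$work/confluence.p12" "$2" "$3"
fi
```

Called with /etc/letsencrypt/live/confluence.yourdomain.com, the keystore path from step 6 and a root-only password file, it stops before touching the keystore if the bundle does not contain the certificate certbot issued.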