Thanks to Stratehm on an older post found here : SSL with OpenHAB2 - #2 by Stratehm
I now have the basic Jetty setup running with a signed certificate on OH 2.1. The approach is more or less the same as above except, skip steps 4, 7, 8 & 9, you don’t overwrite the existing keystore container file you ‘delete’ the ‘mykey’ alias inside the OH keystore file then import your new one.
Instead of step 7 do these two, delete the old certificate:
keytool -delete -alias mykey -keystore /OpenHAB2InstallDir/etc/keystore
Add your own certificate straight from the pkcs.p12 file:
keytool -importkeystore -srckeystore /etc/letsencrypt/live/DOMAIN.tld/pkcs.p12 -srcstoretype pkcs12 -destkeystore /OpenHAB2InstallDir/etc/keystore -deststoretype jks -deststorepass openhab -destalias mykey
rm /etc/letsencrypt/live/DOMAIN.tld/pkcs.p12
Passwords are ‘openhab’ or assumed to be.