These steps obtain a certificate from the Let’s Encrypt service, build a keystore file from it for your openHAB server, and configure Jetty to use it.
1) Get and install the Let’s Encrypt program
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto
2) Create the SSL keys
./letsencrypt-auto certonly --standalone -d DOMAIN.TLD --email EMAIL@EMAIL.TLD
Note: if it fails with an error that the domain can’t be validated, you may need to ensure port 443 is open.
3) Create a PKCS12 file containing full chain and private key
Change to the directory (/etc/letsencrypt/live/DOMAIN.TLD) where the certificates were created.
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out pkcs.p12 -name NAME
4) Convert PKCS12 to Keystore
STORE_PASS is the password you entered in step 3) as the password for the PKCS12 file.
keytool -importkeystore -deststorepass PASSWORD_STORE -destkeypass PASSWORD_KEYPASS -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass STORE_PASS -alias NAME
5) Shut down openHAB
6) Back up [openhab dir]/etc/keystore
7) Copy the keystore.jks file to your openHAB installation
cp keystore.jks [openhab]/etc/keystore.jks
8) Prepare the jetty.xml password
java -cp ./server/plugins/org.eclipse.jetty.util_8.1.3.v20120522.jar org.eclipse.jetty.util.security.Password passwd
passwd
OBF:1v2j1vu11ym71ym71vv91v1v
MD5:76a2173be6393254e72ffa4d6df1030a
If you are stuck at this point, the location of your Jetty utility jar may be different. On Linux you can find it with:
(OH1.x) find / -name '*jetty.util*'
(OH2) find / -name '*jetty-util*'
On Windows, use the search function.
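9) Update jetty.xml
Open [openhab]/etc/jetty.xml, find the SSL section, and update the keystore file and the passwords, using the OBF: values the previous step generated for your own passwords. Password is the keystore password (PASSWORD_STORE in step 4) and KeyPassword is the key password (PASSWORD_KEYPASS).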
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Set name="port"><Property name="jetty.port.ssl" /></Set>
<Set name="maxIdleTime">30000</Set>
<Set name="Acceptors">2</Set>
<Set name="AcceptQueueSize">100</Set>
<Set name="Keystore"><Property name="jetty.home" default="." />/etc/keystore.jks</Set>
<Set name="Password">OBF:1v2j1vu11ym71ym71vv91v1v</Set>
<Set name="KeyPassword">OBF:1v2j1vu11ym71ym71vv91v1v</Set>
10) Start your openHAB
Hope this helps you