Renew LetsEncrypt Certificate for Oracle Apex

In my previous article I showed you how to use Letsencrypt to secure a production Apex instance. This is specially important when you have a webfacing Apex instance. Only issue with Letsencrypt free SSL certificates is that it expires in 6 months, so it has to be renewed.

Though letsencrypt certificate have an automatic way to renew the SSL certificates I always prefer to do it manually, specially when it is for a production instance.

Lets go ahead and renew the SSL certificates which was created in previous article

Step 1. Renew Letsecnrypt certificate

$ cd /etc/letsencrypt/

$ ./certbot-auto certonly --force-renew --webroot /home/whadev/public_html --cert-name whadev.whitehat-staging.com.au

Input the webroot for whadev.whitehat-staging.com.au: (Enter ‘c’ to cancel): /home/whadev/public_html
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/whadev.whitehat-staging.com.au/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/whadev.whitehat-staging.com.au/privkey.pem
Your cert will expire on 2019-04-09. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
“certbot-auto renew”
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Go to directory /etc/letsencrypt/live/whadev.whitehat-staging.com.au to verify

Step 2. Generate a new PFX file, with certificates already renewed by certbot

$ cd /etc/letsencrypt/live/whadev.whitehat-staging.com.au

$ openssl pkcs12 -export -out bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:yourpassword

Step 3. Copy the PFX file to the directory of Apache Tomcat (optional step since my Tomcat 9 is installed with another user)

$ cp -p /etc/letsencrypt/live/whadev.whitehat-staging.com.au/bundle.pfx /home/oracle/apache-tomcat/webapps

Step 4. Restart Apache Tomcat

Now you can see the Lets encrypt certificate is renewed on your site

Category: ApexDatabaseLinux

Tags:

Leave a Reply

Article by: Shadab Mohammad