Notes about setting up HTTPS on websites using LetEncrypt and certbot

As a note to self, I added SSL/TLS certificates to a couple of websites using LetEncrypt. Here are a couple of notes about the process:

The keytool password for the Java security cacerts file is ...

In case you ever need to manually a certificate to your ${JAVA_HOME}/jre/lib/security/cacerts file, it turns out the password for that file when using the Java keytool command is changeit.

To add a certificate to that file, you’ll want to use a command like this:

keytool \
    -import \
    -alias "" \
    -keystore ${JAVA_HOME}/jre/lib/security/cacerts \

I had to do this today for a Java/Scala script that accesses an HTTPS URL, and the site I’m accessing uses a “Let’s Encrypt” certificate.

HTTPS for everyone

July 22, 2017 will go down as the day I (finally) switched this website to using HTTPS instead of HTTP. (See the padlock icon in the URL field of your browser.) I’ve been using a self-signed certificate to log in to this site for a long time, but yesterday I finally switched to “HTTPS for everyone.”

Notes on how to configure HTTPS/SSL with Nginx (on a Linode Ubuntu server)

Table of Contents1 - Summary2 - New Linode Server3 - Update Everything4 - Ubuntu Firewall5 - Add a New User6 - Disabling Root Login (sshd_config)7 - Limit Login Attempts (sshd_config)8 - Install Nginx and MySQL9 - Adjust Firewall10 - Nginx Configuration11 - Installing Java on Ubuntu12 - NOT what I used: Let’s Encrypt on Ubuntu 16.0413 - (1) Create a cert (openssl)14 - (2) Create a strong Diffie-Hellman group15 - (3) Configure Nginx to Use SSL16 - Adjust the Nginx Configuration to Use SSL17 - (Alternative Configuration) Allow Both HTTP and HTTPS Traffic18 - Adjust the Firewall19 - Enable the Changes in Nginx20 - Test in Browser21 - Nginx "default_server"22 - Can change to a permanent redirect (301)23 - More Security: Preventing Information Disclosure24 - More Security: Fail2Ban25 - Restricting Access by IP Address26 - See also

Without any introduction or discussion, here are the notes I made while learning how to get HTTPS working with Nginx. These are just for me, but if something helps you, cool.

A Java HTTPS client example

Java HTTPS client FAQ: Can you share some source code for a Java HTTPS client application?

Sure, here's the source code for an example Java HTTPS client program I just used to download the contents of an HTTPS (SSL) URL. I actually found some of this in a newsgroup a while ago, but I can't find the source today to give them credit, so my apologies for that.