Jenkins (standalone) SSL + Let's Encrypt

Jenkins

In this tutorial, I will show how to use Let's Encrypt free SSL with a standalone Jenkins in Ubuntu 16.04.

 

Installation of certbot and jenkins are not included in this tutorial.

 

Generate Certificates

Run the command to generate the certificate and key files.

sudo certbot certonly --standalone --preferred-challenges http -d example.com

You should get this response:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2019-02-07. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Just in case you got this response:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

You need to stop your web server and try again.

 

Convert the certificate to JKS keystore

Go to your certificate folder

cd /etc/letsencrypt/live/example.com

And execute this command to convert the certificate to PKCS12 file first

openssl pkcs12 -inkey privkey.pem -in cert.pem -export -out keys.pkcs12

Then convert to JKS file

keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore /var/lib/jenkins/jenkins.jks

 

Set Jenkins configuration to use the SSL

Edit the Jenkins config file

vim /etc/default/jenkins

Look for JENKINS_ARGS and update the value to this:

JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=-1 --httpsPort=8443 --httpsKeyStore=/var/lib/jenkins/jenkins.jks --httpsKeyStorePassword=PASSWORD_SET_ON_CONVERT_TO_JKS"

Restart jenkins

sudo service jenkins restart

 

Add new comment

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.