问题
I want to use certificates from Let's Encrypt with a large count of Jetty servers. One of the problems is that the certificates from Let's Encrypt has a lifetime of 90 days.
To handle this the Jetty server or some extra code must renew the certificate frequently.
- Can Jetty handle this self? If yes how can I enable this?
- If I need to implement it self with a Java client then how can I replace the certificate dynamically via Jetty API without a restart of the Jetty server?
Edit: Some related and partial helpful links:
- setting ssl keystore at runtime in Jetty
- Changing Jetty SSL server certificate on-the-fly
回答1:
Since version 9.3.15 you can use:
SslContextFactory.reload(Consumer<SslContextFactory>)
For details see at: https://github.com/eclipse/jetty.project/issues/918
来源:https://stackoverflow.com/questions/39427066/how-to-use-jetty-with-lets-encrypt-certificates