Let's Encrypt und Atlassian Confluence
1. Install Certbot
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
2. Tomcat modification
Add to server.xml
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"/>
This enables Tomcat to listen on Port 80.
Restart Tomcat
Open your firewall that Port 80 reaches your Confluence server.
3. Request your Certificate
certbot certonly --standalone -d confluence.yourdomain.com
4. Create P12 Certificate
openssl pkcs12 -export -out /tmp/confluence.p12 -in /etc/letsencrypt/live/confluence.yourdomain.com/fullchain.pem -inkey /etc/letsencrypt/live/confluence.yourdomain.com/privkey.pem -name tomcat
(Note your export Password - you need it later in step 6 and for your server.xml)
5. Prepare your Keystore
keytool -delete -alias tomcat -keystore <MY_KEYSTORE_FILENAME>
6. Import Let's Encrypt Certificate
keytool -importkeystore -deststorepass '1234' -destkeypass '1234' -destkeystore /opt/atlassian/confluence/ConfluenceKeyStore.jks -srckeystore /tmp/confluence.p12 -srcstoretype PKCS12 -srcstorepass '1234' -alias tomcat
7. Clean Up
Delete entry added in step 2 from server.xml and ckeck if the path to your new keystore and password are correct.
Restart confluence
Close Port 80 on your Firewall
