There should be a Let's Encrypt sample, with HTTPS (and H2) wired up.

[ohpauleez]

The standalone use of keytool is straightforward and well documented, but obtaining certs from Let's Encrypt, converting them, and processing them with keytool is a little more involved.

Now that Let's Encrypt is recognized by the JVM and Chrome is going to start issuing warnings for unencrypted sites, it'd be nice to have the process documented and scripted for Pedestal users.

See this letsencrypt/certbot issue and this blog post

[jamesdavidson]

This is how I got it working using less-awful-ssl:

(require 'less.awful.ssl)

(def ssl-context-factory
  (doto (new org.eclipse.jetty.util.ssl.SslContextFactory)
    (.setKeyStore (less.awful.ssl/key-store "/etc/letsencrypt/live/example.com/privkey.pem"
                                            "/etc/letsencrypt/live/example.com/fullchain.pem"))
    (.setKeyStorePassword (apply str less.awful.ssl/key-store-password))
    (.setCipherComparator HTTP2Cipher/COMPARATOR)
    (.setUseCipherSuitesOrder true)))

(def service
  {:env :prod
   ::http/routes routes
   ::http/resource-path "/public"
   ::http/type :jetty
   ::http/host "0.0.0.0"
   ::http/port 8080
   ::http/container-options {:h2c? false
                             :h2? true
                             :ssl-context-factory ssl-context-factory
                             :ssl-port 8443
                             :ssl? true}})