This simple set of code implements the logic to watch the SSL key file being used by the SslContextFactory in Jetty and when the file changes, calls the SslContextFactory.reload() method to load the new keys. The intention of this module is for it to be used to support the use of LetsEncrypt SSL keys using the simple command line script provided by certbot. Since LetsEncrypt SSL keys expire in 90 days, it is necessary to implement an automated mechanism for updating the keys.
Thanks go to Daniel Flower for his original post, LetsEncrypt certs with embedded Jetty, outlining the basic ideas of automating using LetsEncrypt SSL keys in Jetty.
This module is not set up with a clean automated installation process at this point. But, manual usage is simple enough...
Jetty Version: > 9.4.x (build and tested using 9.4.14.v20181114)
Java Version: > 1.8
-
Build the module using Maven;
mvn clean package
-
Copy the JAR file to the $JETTY_BASE/lib/ folder;
cp target/reload_sslkey_module-1.0.jar $JETTY_BASE/lib/
-
Copy the module definition to $JETTY_BASE/modules/;
cp src/main/resources/reload-ssl-keys.mod $JETTY_BASE/modules/
-
Copy the XML file to $JETTY_BASE/etc/;
cp src/main/resources/reload-ssl-keys.xml $JETTY_BASE/etc/
-
Create a .ini file in the $JETTY_BASE/start.d/ directory; for example
$JETTY\_BASE/start.d/reload-ssl-keys.ini
. The contents of this file should be;
### Reload SSL Keys Configuration
--module=reload-ssl-keys
For more information on configuring Jetty see the Current Jetty Documentation, particularly Chapter 3. An Introduction to Jetty Configuration.