AAber · March 24, 2020 06:56
diff --git a/FreeSSLcertificate2JavaKeystore.sow.txt b/FreeSSLcertificate2JavaKeystore.sow.txt
 ## == Certificate for any setup for free (4 months) == ##
 ## 1. Open http and https from all the world to the host 

 ## == For openvpn server == ##
 # systemctl stop openvpnas.service

 ## 2. Become root and run let's encrypt docker tool
 $ sudo -i
 # export [email protected]
 # export DNSNAME=myhost.mydomain.com
 # docker run --rm -p 443:443 -p 80:80 --name letsencrypt -v "/etc/letsencrypt:/etc/letsencrypt"  -v "/var/lib/letsencrypt:/var/lib/letsencrypt"  certbot/certbot  certonly -n -m $LETSENCRYPT_EMAIL -d $DNSNAME --standalone --agree-tos

 ## 3. Close http and https from all the world
 ## 4. Result:
 ubuntu@myhost:~$ ls /etc/letsencrypt/live/myhost.mydomain.com/
 README  cert.pem  chain.pem  fullchain.pem  privkey.pem

 ## == Add certificate to Nexus == ##
 ## 1. Convert certificate to pkcs12, use password changeit for all password prompts
 ubuntu@myhost:~$ openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out cert.pkcs12
 ## 2. Create keystore from cert.pkcs12
 ubuntu@myhost:~$ keytool -importkeystore -destkeystore keystore.jks -srckeystore cert.pkcs12 -srcstoretype PKCS12
 ## 3. Use new keystore keystore.jks with you Nexus 3.2.0 docker
 ubuntu@myhost:~$ docker run -d -p 8443:8443 -p 80:8081 -p 5000:5000 -p 5001:5001 -p 2375:2375 --name nexus -v /home/ubuntu/nexus_data:/nexus-data -v /home/ubuntu/keystore.jks:/nexus-data/keystore.jks -e JKS_PASSWORD="changeit" -e JAVA_MAX_MEM=2048M clearent/nexus:3.2.0-01
	## == Certificate for any setup for free (4 months) == ##
	## 1. Open http and https from all the world to the host

	## == For openvpn server == ##
	# systemctl stop openvpnas.service

	## 2. Become root and run let's encrypt docker tool
	$ sudo -i
	# export [email protected]
	# export DNSNAME=myhost.mydomain.com
	# docker run --rm -p 443:443 -p 80:80 --name letsencrypt -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" certbot/certbot certonly -n -m $LETSENCRYPT_EMAIL -d $DNSNAME --standalone --agree-tos

	## 3. Close http and https from all the world
	## 4. Result:
	ubuntu@myhost:~$ ls /etc/letsencrypt/live/myhost.mydomain.com/
	README cert.pem chain.pem fullchain.pem privkey.pem

	## == Add certificate to Nexus == ##
	## 1. Convert certificate to pkcs12, use password changeit for all password prompts
	ubuntu@myhost:~$ openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out cert.pkcs12
	## 2. Create keystore from cert.pkcs12
	ubuntu@myhost:~$ keytool -importkeystore -destkeystore keystore.jks -srckeystore cert.pkcs12 -srcstoretype PKCS12
	## 3. Use new keystore keystore.jks with you Nexus 3.2.0 docker
	ubuntu@myhost:~$ docker run -d -p 8443:8443 -p 80:8081 -p 5000:5000 -p 5001:5001 -p 2375:2375 --name nexus -v /home/ubuntu/nexus_data:/nexus-data -v /home/ubuntu/keystore.jks:/nexus-data/keystore.jks -e JKS_PASSWORD="changeit" -e JAVA_MAX_MEM=2048M clearent/nexus:3.2.0-01