B4J Library [DEPRECIATED] ABACMEClient [BETA] Use ABKeystoreSSL instead.

DEPRECIATED: Use ABKeystoreSSL instead https://www.b4x.com/android/forum/t...tificate-generator-using-lets-encrypt.128115/

-----------------------------------------------

This is a library to create HTTPS credentials for jServer Web Apps.

As I'm currently blocked for some time from Let's Encrypt because I did to many requests, this is just a beta you can test.

Save the generated user.key and domain.key in a secure place! IF YOU LOSE THEM, THERE IS NO WAY TO RECOVER YOUR ACCOUNT!

1. You must have a domain and a web server like Apache running on port 80!
2. Copy ALL the files in the .zip to your Additional Libraries folder

Usage (just an non-UI B4J app e.g. called Maker):

Sub AppStart (Args() As String)
    Dim client As ABACMEClient
    ' needs to be the 'entry point' in your webserver (NOT your B4X app). In my case it was var/www/html and not var/www/)
    ' MUST be accessible on port 80
    client.Initialize("./html/")

    Dim domains As List
    domains.Initialize
    domains.Add("banano.always-busy.com")

    ' to prevent the code to run when compiling on release. args can be anything when you run it from your server
    If Args.Length > 0 Then
        ' will print whatever you have added
        Log(Args(0))
        ' using the real Let's Encrypt production server
        Log(client.fetchCertificate(domains, "keystore", "01234", "56789", True))
    Else
        ' using the developers server of Let's Encrypt
        Log(client.fetchCertificate(domains, "keystore", "01234", "56789", False))
    End If
End Sub

This app was placed in the /var/www/ folder and then started with 'java -jar maker.jar somethingtotriggertheargs'

It will create a keystore.jks file that you can use in your jServer Web App (or ABMaterial):

Server.StartServerHTTP2("keystore.jks", "01234", "56789")

NOTE: credentials created in developers mode will show in the browser as not correct, but still run in HTTP/2 mode. This is a Let's encrypt limitation.
Also, READ THE LOGS. There is important info in it (and you can ignore the ones about SLF4J, this is because I show the logs in the B4J pane)

Download: http://gorgeousapps.com/ABACMEClient.zip

Alwaysbusy

 

[OliverA]

Is this good for renewals too? Or are renewals just "new" certificates for the same domain with new expiration date?

 

[alwaysbusy]

According to the lib I wrapped you just need to do the same for a renewal so I suppose the second case (unless they do something different internal).

From the lib: A certificate can be renewed a few days before its expiry. There is no explicit method for certificate renewal. To renew it, just order the certificate again.

You do have to use the same user.key file created the first time, so maybe that does something.

 

[OliverA]

Next dumb question: where do I need to place the existing user.key files for renewal?

 

[alwaysbusy]

same place as where it was generated, so next to the jar that makes it. I haven't had the opportunity myself to test out what it does.

 

[alwaysbusy]

it is possible I will need to make some modifications to get everything right (e.g. with the user.key file). Main target of this beta was: can I get the chain completed to use it directly with a jServer.