B4J Question Jetty Server - HTTPS - Certbot - LetsEncrypt - Jetty or Apache

lip

Active Member
Licensed User
I am running a server on a Raspberry Pi. It serves a webpage for control, but the main function is to co-ordinate other Raspberry Pis online using WebSockets.

I need the server to be secure but failing miserably...

I got a domain name, pointed it to my external IP, port forwarded port 80 and 443 to my internal local fixed IP address and can connect externally.

I self-signed a certificate directly into the keystore on the pi server and configured SSL in the B4J code to use that keystore. I could then connect directly to the server using https but with a warning that the certificate could not be verified. The SHA1 fingerprint in the keystore had an alias of 'jetty' (not sure if that is relevant).

I have now got a 'real' certificate from LetsEncrypt as a file, PiCertificate.cer. I used "keytool -import" to add this to the keystore. Using keytool -list I can see a new entry with alias 'mykey'. However, an external connection still used the previous self-signed entry.

I deleted the old keystore entry and renamed the alias for my LetsEncrypt entry as 'jetty'.

An external connection to https:// now gives a message: ERR_SSL_VERSION_OR_CIPHER_MISMATCH.

I am starting to wonder if the LetsEncrypt certificate is valid for jetty? Or if I have to do more than just import it into the keystore?
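A check for the keystore state described in the post above, as an added example that is not part of the original thread: `keytool -import` of a bare certificate file creates a `trustedCertEntry`, while a TLS listener needs a `PrivateKeyEntry` (private key plus certificate chain) under the alias it serves, and without one the server has no key to complete a handshake. The `keytool -list` text below is constructed sample output and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: tell a usable server entry from a bare certificate in
# `keytool -list` output. Function names here are hypothetical.

# Print the entry type for alias $1; reads `keytool -list` text on stdin.
entry_type() {
    awk -v want="$1" -F', *' '
        /Entry,[ \t\r]*$/ && $1 == want { print $(NF-1); found = 1; exit }
        END { if (!found) print "missing" }
    '
}

# Succeed only if alias $1 holds a private key, as a TLS listener requires.
can_serve_tls() {
    [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Explain what the alias holds.
diagnose() {
    case $(entry_type "$1") in
        PrivateKeyEntry)  echo "$1: private key + certificate chain, usable for HTTPS" ;;
        trustedCertEntry) echo "$1: certificate only, no private key, handshake will fail" ;;
        *)                echo "$1: alias not present in keystore" ;;
    esac
}

# Constructed sample: keystore after `keytool -import` of a .cer and an alias rename.
cert_only='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

jetty, Mar 3, 2021, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed placeholder>'

# Constructed sample: keystore holding the key pair together with its certificate.
with_key='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

jetty, Mar 3, 2021, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed placeholder>'

printf '%s\n' "$cert_only" | diagnose jetty
printf '%s\n' "$with_key"  | diagnose jetty
```

Against a real keystore, pipe the output of `keytool -list -keystore <your keystore>` into `diagnose jetty` instead of the sample text.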
 

lip

Active Member
Licensed User
Thanks Erel. I had read and tried to follow this thread before but failed. This time, because you had pointed me there, I persevered and it worked insofar as I can browse to the server securely. However, I am now struggling with wss:// connections to the server from raspberry pi clients running B4J. Strangely, my Tablets running B4A WILL connect to the server using the wss:// prefix.

This works on B4J Pi to Unsecured Server:
B4X:
wshRemote.Connect("ws://sub.domain.com/wsc?SN=12345")
This does NOT work on B4J Pi to Secured Server:
B4X:
wshRemote.Connect("wss://sub.domain.com/wsc?SN=12345")
This DOES work from B4A Tablet to Secure Server:
B4X:
wshRemote.Connect("wss://sub.domain.com/wsc?SN=12345")
The error message when connecting from Pi to Secure Server is:

org.eclipse.jetty.websocket.api.UpgradeException: 0 null
at org.eclipse.jetty.websocket.client.WebSocketUpgradeRequest.onComplete(WebSocketUpgradeRequest.java:513)
at org.eclipse.jetty.client.ResponseNotifier.notifyComplete(ResponseNotifier.java:193)
at org.eclipse.jetty.client.ResponseNotifier.notifyComplete(ResponseNotifier.java:185)
at org.eclipse.jetty.client.HttpReceiver.terminateResponse(HttpReceiver.java:459)
at org.eclipse.jetty.client.HttpReceiver.abort(HttpReceiver.java:540)
at org.eclipse.jetty.client.HttpChannel.abortResponse(HttpChannel.java:129)
at org.eclipse.jetty.client.HttpSender.terminateRequest(HttpSender.java:376)
at org.eclipse.jetty.client.HttpSender.abort(HttpSender.java:561)
at org.eclipse.jetty.client.HttpSender.anyToFailure(HttpSender.java:345)
at org.eclipse.jetty.client.HttpSender$CommitCallback.failed(HttpSender.java:712)
at org.eclipse.jetty.client.http.HttpSenderOverHTTP$HeadersCallback.failed(HttpSenderOverHTTP.java:303)
at org.eclipse.jetty.io.WriteFlusher$PendingState.fail(WriteFlusher.java:262)
at org.eclipse.jetty.io.WriteFlusher.onFail(WriteFlusher.java:491)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint$FailWrite.run(SslConnection.java:1229)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:673)
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:591)
 
