Securing Confluence with Letsencrypt Certificate

The whole process can be summarized as:

  1. Create an entry in the apache site configuration file.
  2. Get a new Letsencrypt certificate for the subdomain.
  3. Update Tomcat server.xml with appropriate connector information.

As the first step, create an entry in the sites-enabled folder in the appropriate sites file:

<VirtualHost *:443>
        DocumentRoot /var/www/
        ProxyPreserveHost On
        # Serve ACME challenge files from DocumentRoot instead of proxying them
        ProxyPass /.well-known !
        ProxyPass /
        ProxyPassReverse /

        Include   /etc/path-to/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/path-to/letsencrypt/live/
        SSLCertificateKeyFile /etc/path-to/letsencrypt/live/
</VirtualHost>

Now create a new certificate using the following commands:

First list all the existing certificates:

certbot certificates

Now expand the certificates by adding the new subdomain (

certbot --expand -d,,

Now edit the Confluence configuration file, normally found here:

emacs /opt/atlassian/confluence/conf/server.xml

Then comment out or uncomment the appropriate connector, updating:

scheme="https" secure="true" proxyName="" proxyPort="443"/>

That’s all. Restart Apache and Confluence and you should be able to access a secure Confluence, with the added benefit that the certificate will be auto-renewed along with the other certificates via the certbot cron job.
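
A small check for the connector step, added here as an example and not taken from the original post: it parses server.xml and reports any active connector that lacks the proxy attributes shown above, so Tomcat does not keep treating proxied requests as plain HTTP. The function name, the sample XML and the hostname wiki.example.com are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes the page sets on the connector behind the Apache TLS proxy.
REQUIRED = {"scheme": "https", "secure": "true", "proxyPort": "443"}


def audit_connectors(server_xml: str, expected_host: str) -> dict:
    """Return {port: [problems]} for every active <Connector> in server.xml.

    Commented-out connectors are dropped by the XML parser, so only the
    connectors Tomcat would actually load are checked.
    """
    root = ET.fromstring(server_xml)
    report = {}
    for conn in root.iter("Connector"):
        problems = []
        for attr, want in REQUIRED.items():
            got = conn.get(attr)
            if got != want:
                problems.append(f"{attr}={got!r}, expected {want!r}")
        proxy_name = conn.get("proxyName", "")
        if not proxy_name:
            # An empty proxyName leaves Tomcat without the public hostname.
            problems.append("proxyName is empty or missing")
        elif proxy_name.lower() != expected_host.lower():
            problems.append(
                f"proxyName={proxy_name!r} does not match {expected_host!r}")
        report[conn.get("port", "?")] = problems
    return report


# Constructed sample, not a real Confluence file; hostname is a placeholder.
SAMPLE = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <!-- <Connector port="8090" protocol="HTTP/1.1"/> -->
    <Connector port="8090" protocol="HTTP/1.1"
               scheme="https" secure="true" proxyName="" proxyPort="443"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for port, problems in audit_connectors(SAMPLE, "wiki.example.com").items():
        print(port, "OK" if not problems else "; ".join(problems))
```

Run it against the real file by reading /opt/atlassian/confluence/conf/server.xml into a string and passing the subdomain the certificate was issued for.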