
Securing Confluence with a Let's Encrypt Certificate

The whole process can be summarized as:

  1. Create an entry in the Apache site configuration file.
  2. Get a new Let's Encrypt certificate for the subdomain.
  3. Update Tomcat server.xml with appropriate connector information.

As the first step, create an entry in the sites-enabled folder in the appropriate sites file:

<VirtualHost *:443>
        ServerName   sub.domain.com
        DocumentRoot /var/www/
        ProxyPreserveHost On
        # Serve /.well-known from DocumentRoot instead of proxying it to Confluence
        ProxyPass /.well-known !
        ProxyPass / http://10.0.0.host:port/
        ProxyPassReverse / http://10.0.0.host:port/

        Include   /etc/path-to/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/path-to/letsencrypt/live/sub.domain.com/fullchain.pem
        SSLCertificateKeyFile /etc/path-to/letsencrypt/live/sub.domain.com/privkey.pem
</VirtualHost>

Now create a new certificate using the following commands.

First list all the existing certificates:

certbot certificates

Now expand the existing certificate by adding the new subdomain (sub.domain.com) to its list of domains:

certbot --expand -d domain.com,sub1.domain.com,sub.domain.com

Now edit the Confluence configuration file, normally found here:

emacs /opt/atlassian/confluence/conf/server.xml

Then comment/uncomment the appropriate connector, updating these attributes:

scheme="https" secure="true" proxyName="sub.domain.com" proxyPort="443"/>

That’s all. Restart Apache and Confluence and you should be able to access a secure Confluence, with the added benefit that the certificate will be auto-renewed along with the other certificates via the certbot cron job.
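A check worth running on server.xml before the restart, as an added example that is not part of the original post: it confirms that the connector left uncommented is the one carrying the proxy attributes shown above. The function name, the sample files, port 8090 and the service name are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes from the post's connector line; proxyName is compared separately.
REQUIRED = {"scheme": "https", "secure": "true", "proxyPort": "443"}

def check_connectors(server_xml_text, expected_host):
    """Return a list of problems with the active <Connector> elements."""
    # The parser drops XML comments, so commented-out connectors are ignored.
    active = ET.fromstring(server_xml_text).findall("./Service/Connector")
    problems = []
    proxied = [c for c in active if c.get("proxyName") is not None]
    if not proxied:
        problems.append("no active connector sets proxyName (still commented out?)")
    for c in proxied:
        port = c.get("port", "?")
        if c.get("proxyName") != expected_host:
            problems.append(f"port {port}: proxyName is {c.get('proxyName')!r}")
        for attr, want in REQUIRED.items():
            if c.get(attr) != want:
                problems.append(f"port {port}: {attr} is {c.get(attr)!r}, expected {want!r}")
    # Two active connectors cannot both bind the same port.
    ports = [c.get("port", "?") for c in active]
    for p in sorted(set(ports)):
        if ports.count(p) > 1:
            problems.append(f"port {p}: {ports.count(p)} active connectors")
    return problems

# Constructed sample: default connector active, proxy connector still commented out.
SAMPLE_DEFAULT = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8090"/>
    <!--
    <Connector port="8090" scheme="https" secure="true"
               proxyName="sub.domain.com" proxyPort="443"/>
    -->
  </Service>
</Server>"""

# Constructed sample: the same file with the proxy connector made the active one.
SAMPLE_FIXED = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <!-- <Connector port="8090"/> -->
    <Connector port="8090" scheme="https" secure="true"
               proxyName="sub.domain.com" proxyPort="443"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("fixed", SAMPLE_FIXED)):
        print(name, check_connectors(text, "sub.domain.com") or "OK")
```

To check a real installation, pass the contents of /opt/atlassian/confluence/conf/server.xml and the ServerName from the Apache entry to `check_connectors`.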


