How to configure a Play application to use Let's Encrypt certificate?

Question

Once I obtain the certificate, how do I generate a JKS key store from it?

How do I configure the Play application to use this key store?

Anything else I need

Answer 1

I searched in various forums, in the end I came up with a very fast (and almost automated) solution: First, as on the letsencrypt website they suggest, run these:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot 

then run

sudo certbot certonly --standalone -d domain.name.com

(for wildcards it's a bit more complicated, but the remainder of this procedure should be the same)

at this point it should tell you where the keys are, on some directory like /etc/letsencrypt/live/domain.name.com/*.pem (three keys: fullchain, privkey, and a chain)

then run openssl (editing domain name and password)

sudo openssl pkcs12 
        -export -in /etc/letsencrypt/live/domain.name.com/fullchain.pem 
        -inkey /etc/letsencrypt/live/domain.name.com/privkey.pem 
        -out cert_and_key.p12 
        -CAfile /etc/letsencrypt/live/domain.name.com/chain.pem 
        -caname root 
        -passout pass:

then keytool (editing keystore path and password)

sudo keytool 
  -importkeystore 
  -srcstorepass 
  -destkeystore .jks 
  -srckeystore cert_and_key.p12 
  -srcstoretype PKCS12 
  -storepass 

and finally you should find the jks key on the path you wrote above.

In application.conf:

play.server.https.keyStore.path = ".jks"
play.server.https.keyStore.type = "JKS"
play.server.https.keyStore.password = ""

Tested with Play 2.6.15, on Ubuntu 16 and 18