networknt / light-4j

A fast, lightweight and more productive microservices framework
Apache License 2.0

Integrate with acme4j to get Let's Encrypt certificate automatically #313

Open stevehu opened 6 years ago

stevehu commented 6 years ago

https://github.com/shred/acme4j

shabeebrp commented 5 years ago

Hi, I am a new contributor. I would like to take this issue. Can anybody help me in figuring out how to proceed?

stevehu commented 5 years ago

@shabeebrp Welcome to the team. ACME is a protocol through which you can get the certificate automatically within your Java application.

https://tools.ietf.org/html/rfc8555

The particular implementation of acme4j is integrated with Let's Encrypt tightly. Most of our personal users are using Let's Encrypt certificates, but they need to be renewed every 3 months. The process is that you need to expose your service to the internet, and Let's Encrypt will challenge your service with your domain name to confirm that your service and domain are matching. Once it is confirmed, it will issue the certificate to your service.

Since light-4j is a service already, we can just allow Let's Encrypt to access our service instance through the domain name for the challenge. Once we get the certificates, we can put them into the server.keystore and server.truststore for later usage. There is a spring-boot implementation that might give us some ideas.

https://github.com/creactiviti/spring-boot-starter-acme

I would recommend writing an RFC document in the light-rfcs repository in a branch and creating a pull request. In this way, we can invite more people into the discussion. I've sent you an invite to join light-contributor which has the write access to the light-rfcs repo.

shabeebrp commented 5 years ago

@stevehu Started exploring more about this topic and will create an RFC document once I gather enough information.

shabeebrp commented 5 years ago

RFC Document Link