DEV Community

TheBishoyism

Add SSL to Jenkins on CentOS 8

On the Jenkins machine, run Certbot to create a new certificate and a new private key, and follow the prompts the command gives you:

sudo certbot certonly --standalone

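Then run the following to bundle the certificate chain and private key into a PKCS#12 file and import it into a JKS (Java KeyStore) file:

# Write certificate.p12 to the current directory, where the keytool command below reads it
openssl pkcs12 -export -in /etc/letsencrypt/live/<yourdomainname>/fullchain.pem -inkey /etc/letsencrypt/live/<yourdomainname>/privkey.pem -out certificate.p12 -name "certificate"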

keytool -importkeystore -srckeystore certificate.p12 -srcstoretype pkcs12 -destkeystore cert.jks

Create a folder inside /var/lib/jenkins and call it ".ssl":

mkdir /var/lib/jenkins/.ssl

Copy the JKS file into the .ssl folder:

cp cert.jks /var/lib/jenkins/.ssl/

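Change the mode and owner of the .ssl folder and the JKS file:

cd /var/lib/jenkins/
# The keystore holds the private key: owner-only access, no execute bit on the file
chmod 700 .ssl
chmod 600 .ssl/cert.jks
chown -R jenkins:jenkins .ssl/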

Set the following values in the /etc/sysconfig/jenkins file:

JENKINS_HTTPS_PORT="8443"
JENKINS_HTTPS_KEYSTORE="/var/lib/jenkins/.ssl/cert.jks"
JENKINS_HTTPS_KEYSTORE_PASSWORD="<your passkey here>"

Then forward port 443 to port 8443:

firewall-cmd --zone=public --add-service=https
firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443
firewall-cmd --runtime-to-permanent
firewall-cmd --reload
firewall-cmd --list-all
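
The check below is an added example, not part of the original post: it reads the three JENKINS_HTTPS_* settings from a sysconfig-style file and reports a missing keystore, or a keystore or password-bearing config file that group or others can access. The function names and the owner-only permission policy are assumptions of this example, and it relies on GNU stat as shipped with CentOS.

```sh
#!/bin/sh
# Added example: audit the Jenkins HTTPS settings written in the steps above.
# Assumes GNU stat (as on CentOS). Function names are hypothetical.

# Print the value assigned to key $2 in sysconfig-style file $1 (last one wins).
sysconfig_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# Succeed only if the mode of $1 grants nothing to group or others (e.g. 600, 700).
private_mode() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        0|*00) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line for config file $1; return 0 only if there are none.
audit_jenkins_https() {
    conf=$1; rc=0
    port=$(sysconfig_get "$conf" JENKINS_HTTPS_PORT)
    ks=$(sysconfig_get "$conf" JENKINS_HTTPS_KEYSTORE)
    pass=$(sysconfig_get "$conf" JENKINS_HTTPS_KEYSTORE_PASSWORD)
    case "$port" in
        ''|*[!0-9]*) echo "JENKINS_HTTPS_PORT is missing or not numeric"; rc=1 ;;
    esac
    if [ -z "$ks" ]; then
        echo "JENKINS_HTTPS_KEYSTORE is not set"; rc=1
    elif [ ! -f "$ks" ]; then
        echo "keystore not found: $ks"; rc=1
    elif ! private_mode "$ks"; then
        echo "keystore is accessible to group or others: $ks"; rc=1
    fi
    case "$pass" in
        ''|'<'*) echo "keystore password is empty or still a placeholder"; rc=1 ;;
        *) private_mode "$conf" ||
            { echo "$conf holds the password but is accessible to group or others"; rc=1; } ;;
    esac
    return $rc
}

# Run the audit when a config path is given, e.g.: sh audit.sh /etc/sysconfig/jenkins
if [ "$#" -gt 0 ]; then
    audit_jenkins_https "$1"
fi
```
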