Creating cert

Installing cert on raspberry:

# install certbot
sudo apt-get install certbot 

# port 80 has to be opened on the server
sudo certbot -v certonly -a standalone -d yourdomain.org -d www.yourdomain.org

# it generates keys and cert to this folder: /etc/letsencrypt/live/yourdomain/
cd /path/to/your/generated/keys

# Generated files:
drwxr-xr-x 2 root root 4096 Apr  8 15:54 .
drwx------ 3 root root 4096 Apr  8 15:36 ..
lrwxrwxrwx 1 root root   34 Apr  8 15:36 cert.pem -> ../../archive/yourdomain.org/cert1.pem
lrwxrwxrwx 1 root root   35 Apr  8 15:36 chain.pem -> ../../archive/yourdomain.org/chain1.pem
lrwxrwxrwx 1 root root   39 Apr  8 15:36 fullchain.pem -> ../../archive/yourdomain.org/fullchain1.pem
lrwxrwxrwx 1 root root   37 Apr  8 15:36 privkey.pem -> ../../archive/yourdomain.org/privkey1.pem
-rw-r--r-- 1 root root  692 Apr  8 15:36 README


# for springboot pkcs12 needed
`openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root`

# it will add one more file:
drwxr-xr-x 2 root root 4096 Apr  8 15:54 .
drwx------ 3 root root 4096 Apr  8 15:36 ..
lrwxrwxrwx 1 root root   34 Apr  8 15:36 cert.pem -> ../../archive/yourdomain.org/cert1.pem
lrwxrwxrwx 1 root root   35 Apr  8 15:36 chain.pem -> ../../archive/yourdomain.org/chain1.pem
lrwxrwxrwx 1 root root   39 Apr  8 15:36 fullchain.pem -> ../../archive/yourdomain.org/fullchain1.pem
-rw------- 1 root root 4186 Apr  8 15:54 keystore.p12
lrwxrwxrwx 1 root root   37 Apr  8 15:36 privkey.pem -> ../../archive/yourdomain.org/privkey1.pem
-rw-r--r-- 1 root root  692 Apr  8 15:36 README


# copy your cert a folder which available for your application
cp /path/to/your/generated/keys/keystore.p12 /path/to/your/keystore/

# start springboot with externalized security config 
java -Dserver.ssl.key-store=/path/to/your/keystore/keystore.p12 -Dserver.ssl.key-store-password=yourpwd -Dserver.ssl.keyStoreType=PKCS12 -Dserver.port=8443 -Dsecurity.require-ssl=true -jar /your/application/yourapp-0.0.2-SNAPSHOT.jar

Adding new hosts to cert (--expand):

sudo certbot -v certonly -a standalone -d yourdomain,www.yourdomain,new.yourdomain,other.yourdomain --expand

Update certs:

sudo certbot renew

https://certbot.eff.org/lets-encrypt/debianbuster-other

https://stackoverflow.com/questions/36991562/how-can-i-set-up-a-letsencrypt-ssl-certificate-and-use-it-in-a-spring-boot-appli