SSL Certificates for Lucee / Let's Encrypt

For translations, I have a free DeepL account. Every night, I check the database for missing translations, send requests to DeepL and save the translations in the database.

It looks like they have updated their SSL certificate, because I get this message in the HTTP request:

Unknown host: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I requested the certificate via the Lucee server admin, installed it and restarted Lucee.
As they use Let's Encrypt, the new certificate will only be valid for 2-3 months and then be replaced again.
Do I need to switch the JDK for the trust for Let's Encrypt? Or does the OS need an update of the certificate providers?

OS: Ubuntu 20 LTS
Java Version: 11.0.16.1 (Eclipse Adoptium) 64bit
Tomcat Version: Apache Tomcat/9.0.65
Lucee Version: 5.3.9.165-SNAPSHOT / 5.4.3.2

Did you see this thread - SSL Cert Issue (cert storage) for ideas…
and double check lucee-server\context\security\cacerts with a cert store viewer?

I think below Lucee 6.0, Lucee has its own truststore, but as far as I can recall it imports the truststore from Java. So, updating Java should also update the Lucee truststore.

But, just like @anderslars27 said, in such a scenario using Lucee<6, where you know a domain and you trust that domain, I import the SSL certificate programmatically. When the request causes the PKIX error, I catch it and import it using sslCertificateInstall() without the need to go through the server admin.

1 Like
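
The catch-and-import approach from the last reply, as an added example that is not part of the thread: it imports only for hosts on an explicit allow-list, logs the import and retries once. The host `api.example.com`, the function names and the log name are assumptions; `sslCertificateInstall()` is the Lucee function named in the reply.

```cfml
<cfscript>
// Hosts whose certificate may be imported automatically. "api.example.com"
// is a placeholder (assumption), not a host named in the thread.
autoImportHosts = [ "api.example.com" ];

// True when an error text is the truststore failure quoted in the question.
boolean function isPkixFailure( required string text ) {
    return findNoCase( "PKIX path building failed", arguments.text ) > 0;
}

// One GET attempt; returns { pkix, result } and rethrows unrelated errors.
struct function attemptGet( required string targetUrl ) {
    var out = { pkix: false, result: {} };
    try {
        cfhttp( url=arguments.targetUrl, method="GET", timeout=30,
                throwOnError=false, result="local.res" );
        out.result = local.res;
        // With throwOnError=false the error text is reported in errordetail.
        out.pkix = isPkixFailure( local.res.errordetail ?: "" );
    } catch ( any e ) {
        out.pkix = isPkixFailure( e.message & " " & e.detail );
        if ( !out.pkix ) { rethrow; }
    }
    return out;
}

// Hypothetical helper: GET with at most one certificate import and retry.
struct function getWithCertImport( required string targetUrl ) {
    var uri  = createObject( "java", "java.net.URI" ).init( arguments.targetUrl );
    var host = lCase( uri.getHost() );
    var port = uri.getPort() == -1 ? 443 : uri.getPort();
    var first = attemptGet( arguments.targetUrl );
    if ( !first.pkix ) return first.result;

    // Import only for explicitly trusted hosts; otherwise fail closed.
    if ( !arrayFindNoCase( autoImportHosts, host ) ) {
        throw( type="CertTrust", message="PKIX failure for unlisted host #host#" );
    }
    writeLog( text="Importing certificate for #host#:#port# after PKIX failure",
              type="warning", log="application" );
    sslCertificateInstall( host, port );

    var second = attemptGet( arguments.targetUrl );
    if ( second.pkix ) {
        throw( type="CertTrust", message="PKIX failure persists for #host# after import" );
    }
    return second.result;
}
</cfscript>
```

An automatic import trusts whatever the host presents at that moment, so the allow-list and the log entry are what keep an unexpected certificate change visible instead of silently accepted.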