How to add Let's Encrypt to the Java allowed certificates?
Download all the certificates on https://letsencrypt.org/certificates/ (choose the der format) and add them one by one with this kind of command (example for letsencryptauthorityx1.der
):
keytool -import -keystore PATH_TO_JDK\jre\lib\security\cacerts -storepass changeit -noprompt -trustcacerts -alias letsencryptauthorityx1 -file PATH_TO_DOWNLOADS\letsencryptauthorityx1.der
Update: According to https://community.letsencrypt.org/t/which-browsers-and-operating-systems-support-lets-encrypt/4394 , DST Root CA X3 was added with versions 7u111+ and 8u101+ on 2016-07-19 therefore it may not be necessary to add the certificates on updated versions of JDK/JRE 7 and 8.
I have fixed this by importing the Intermediate Certificates (https://letsencrypt.org/certificates/) onto the trust store (using keytool or portecle, see link below). Apparently, adding the "ISRG Root X1" root certificate did not work on its own, adding all of the certificates caused the errors to go away.
In order to achieve this I have followed this question's most popular answer: https://stackoverflow.com/questions/11617210/how-to-properly-import-a-selfsigned-certificate-into-java-keystore-that-is-avail but it should also work with https://stackoverflow.com/questions/2138940/import-pem-into-java-key-store