I have recently switched to Let's Encrypt Private Beta for several of my domain names, and as a consequence several of my Java programs have stopped working because the certificate is not in the trust store I believe.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have attempted various things, such as going into Windows' Java configuration panel, or adding the root certificates to the cacerts.
How do we export/download a .csr or .p12 file from Let's Encrypt root CA in order to import it to the Java list of certificates, preferably in such a way that all Let's Encrypt secured domains are accepted, not just my domain?
I have tried downloading the root certificates at https://letsencrypt.org/certificates/ and adding them to the lists, but to no avail. I have also tried adding /etc/letsencrypt/live/<my_website>/cert.pem
to the sites but it didn't work. I even tried to add it to the cacerts with keytool using this: https://stackoverflow.com/questions/2138940/import-pem-into-java-key-store No matter what I try, it doesn't work (the same error above appears).
Amongst the googling I've done, I've also found this: https://community.letsencrypt.org/t/will-the-cross-root-cover-trust-by-the-default-list-in-the-jdk-jre/134/13 but was unable to make use of information inside it.