Do you need the certificate?

There are conditions which require a manual certificate setup:

  • You are running a Java version prior to 1.8.101 (run java -version to check).
  • You are using one of the JAR-based launchers (see here).

I'm using certificates from LetsEncrypt on my server. If both of the above conditions apply to you, you need to add the corresponding root certificate to Java's own certificate store which is independent from the system's one.

Getting the certificate

Download the root certificate DSTRootCAx3.cer

Adding CAcert certificate to Java's certificate store

On Windows

  1. Start cmd as administrator (important!)
  2. Run the following commands
    Replace #_## with your current java version
    cd C:\Program Files\Java\jre1.8.#_##\bin
    keytool -keystore ..\lib\security\cacerts -storepass changeit -import -trustcacerts -alias dstroot -file C:\path\to\DSTRootCAx3.cer
  3. Confirm the certificate by entering yes

On Linux

  1. Open terminal
    sudo keytool -keystore /usr/lib/jvm/default-java/jre/lib/security/cacerts \
      -storepass changeit \
      -import \
      -trustcacerts \
      -alias dstroot \
      -file /path/to/DSTRootCAx3.cer
  2. Confirm the certificate by entering yes