I/O Exception: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: Could not build a validated path.
You need to add their trust chain to your JRE.
I’m lazy and don’t touch Java too much so I always have to look up everything at the command line.
Here is the easiest way I found to get this done:
Log into CF Admin, go to Java & JVM under Server Settings and find your Java Virtual Machine Path
Under that, you will find the security folder under something like C:\Program Files\Java\jdk1.8.0_45\jre\lib\security. Copy that folder to your Desktop. You will make changes in this folder, then copy the changes to the production folder. Make a backup of your security folder just in case!
Download all of the PEM certs here into a folder you made on your desktop: https://letsencrypt.org/certificates/. Make sure to rename them, as they have a .txt extension! Note that I tried just doing the root, then added them one by one. Eventually I just added all of them to the keystore.
Download Portecle and unzip it to a folder on your Desktop. It’s a Java GUI for managing Java certificate keystores.
You now have three folders on your desktop.
Finish the job:
Open the Portecle folder and double-click on portecle.jar
You will get a nice GUI interface.
Click the folder icon, then find your Desktop\security folder. You will see cacerts highlighted. Select it, then click open.
Enter the default Java password “changeit” (unless you’ve done your job and actually changed it)
Click the Import Trusted Certificate icon and go to your Desktop folder where you placed the downloaded Let’s Encrypt certificates.
Pick the first one, click Import, then click Ok/Yes to everything.
Repeat until you have added all of the certs.
Click SAVE in the main GUI window. Make sure to click save!
Your cacerts file can now be copied to your production JRE path. You made a copy of the original beforehand, right?
Restart ColdFusion services (using Task Manager, make sure that anything called Java* or Jetty is killed, then restarted).
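The Portecle import steps above can also be scripted with the JRE's own keytool, still working on the Desktop copy of cacerts. This is an added example, not part of the original post; the `letsencrypt` folder name, the `.pem` extension after renaming, and the `letsencrypt-` alias prefix are assumptions.

```powershell
# Added example: scripted equivalent of the Portecle import, run against the Desktop copy.
# Assumed values: adjust the JVM path to the one shown in CF Admin > Java & JVM.
$JavaHome = 'C:\Program Files\Java\jdk1.8.0_45\jre'
$Keytool  = Join-Path $JavaHome 'bin\keytool.exe'
$Store    = Join-Path $env:USERPROFILE 'Desktop\security\cacerts'  # working copy, not production
$CertDir  = Join-Path $env:USERPROFILE 'Desktop\letsencrypt'       # hypothetical folder name
$Pass     = 'changeit'                                             # default keystore password

foreach ($pem in Get-ChildItem -Path $CertDir -Filter '*.pem') {
    # One alias per file, e.g. letsencrypt-<file name without extension> (assumed naming).
    $alias = 'letsencrypt-' + $pem.BaseName.ToLower()

    # Print the SHA-256 fingerprint so you can see exactly which certificate is being trusted.
    Write-Host "file   $($pem.Name)"
    & $Keytool -printcert -file $pem.FullName | Select-String 'SHA256'

    # keytool -list exits non-zero when the alias is absent; skip anything already imported.
    & $Keytool -list -keystore $Store -storepass $Pass -alias $alias *> $null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "skip   $alias (already present)"
        continue
    }

    # Same effect as Import Trusted Certificate plus answering Ok/Yes in the GUI.
    & $Keytool -importcert -trustcacerts -noprompt -alias $alias `
        -file $pem.FullName -keystore $Store -storepass $Pass
    if ($LASTEXITCODE -ne 0) { throw "keytool failed for $($pem.Name)" }
    Write-Host "added  $alias"
}

# List the imported entries before copying cacerts to the production JRE path.
& $Keytool -list -keystore $Store -storepass $Pass | Select-String 'letsencrypt-'
```

Copying the updated cacerts to the production JRE path and restarting the ColdFusion services remain manual steps, as described above.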
Problems – still getting an error?
Make sure you are using the correct JRE path
Make really sure you are using the correct JRE path