Letsencrypt Tomcat

Hey there.

EDIT: I installed a newer version of Tomcat, Tomcat 8.0, but the problem remains unsolved.

EDIT: Judging by this link (apache.org), the problem can be solved by changing server.xml (of Tomcat) and making some changes to httpd.conf (concerning the virtual host). But as always in this world, this article does not provide any concrete examples.

The free certificate authority Let's Encrypt's certbot automates most of the things needed. You just need to meet some fairly obvious requirements. Certbot, however, doesn't run on Windows, and there's no direct replacement for it. So what if you're stuck on a Windows machine?

I am a beta participant and have used the client to obtain a certificate for the domain dynamically associated with my NAS.
Since I can't run the client directly on my NAS, I used manual mode to get the cert and imported it on my Synology NAS (chain, cert and privkey). So now I can access my NAS and all things hosted on my NAS, like my simple homepage and WordPress blog, over HTTPS with a valid and trusted certificate, which is nice.
However, Tomcat does its own thing: it runs on port 7070 for HTTP and needs additional configuration to accept HTTPS traffic on its default secure port 8443. Following the Tomcat documentation I created a Java keystore and configured the connector for port 8443 in Tomcat's server.xml file. I added both the chain and cert file to the keystore, but connection attempts to my domain on port 8443 time out. I wonder how this is supposed to work without the privkey, but the Tomcat documentation doesn't mention the need for a key, or maybe I'm just interpreting it wrong.

Is there anyone out there who has attempted to use the output of the Let's Encrypt client's manual mode for Tomcat?

Any feedback is much appreciated. Thanks in advance.

How to use Let's Encrypt with Tomcat on a Windows server

Minimum Requirements:

  • Windows Server 2008
    • Administrator rights
  • Tomcat 8 (maybe 7?)
    • Access to the directory with certificates
  • win-acme.v2.0.5.246.zip
    • .NET Framework 4.7.2
    • Direct internet access to the Let's Encrypt ACME endpoint (acme-v02.api.letsencrypt.org for win-acme 2.x; the acme-v01.api.letsencrypt.org endpoint named in older guides has been retired)
    • Access to the Tomcat docBase directory
    • Access to the directory with certificates

Tomcat

Add a docbase directory at D:\mytomcat\docbase. Edit the end of D:\mytomcat\conf\server.xml to look like this:

Stop & start the Tomcat service:

To better understand how the ACME challenge works you can add some extra HTML files with these DOS commands:

The Tomcat configuration can now be tested at http://example.org/.well-known/. This is the directory the ACME HTTP-01 challenge uses (the validator fetches http://example.org/.well-known/acme-challenge/<token> over plain HTTP on port 80, and the file has no extension), so make sure it is working before running wacs.exe.
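A way to check the docbase before running wacs.exe, as an added example that is not part of the original page and not win-acme's code: it drops a constructed token file where win-acme would put a real challenge response and fetches it the way the Let's Encrypt HTTP-01 validator does (plain HTTP, port 80, exact body, no redirect). The host name and docbase path are the page's placeholders; that Tomcat maps /.well-known/ onto the docbase through the server.xml edit above is assumed.

```powershell
# Added example, not from the original page or from win-acme.
# Assumptions: Tomcat already serves D:\mytomcat\docbase so that
# http://example.org/.well-known/ resolves into it; host and path are placeholders.
$DocBase = 'D:\mytomcat\docbase'
$BaseUrl = 'http://example.org'      # HTTP-01 always uses plain HTTP on port 80

# wacs.exe writes the challenge response to <docbase>\.well-known\acme-challenge\<token>
$ChallengeDir = Join-Path $DocBase '.well-known\acme-challenge'
New-Item -ItemType Directory -Force -Path $ChallengeDir | Out-Null

# Constructed test token and body; a real token is chosen by the ACME server and the
# real body is <token>.<account key thumbprint>.
$Token = 'test-token-' + [guid]::NewGuid().ToString('N')
$Body  = "$Token.constructed-key-authorization"
$File  = Join-Path $ChallengeDir $Token
# ASCII, no BOM, no trailing newline: the validator compares the body, not a rendered page.
[System.IO.File]::WriteAllText($File, $Body, [System.Text.Encoding]::ASCII)

try {
    # Refuse redirects: a redirect to HTTPS on a port 8443 listener that is not up yet
    # is exactly the failure this check is meant to catch.
    $Resp = Invoke-WebRequest -Uri "$BaseUrl/.well-known/acme-challenge/$Token" `
                              -UseBasicParsing -MaximumRedirection 0 -ErrorAction Stop
    if ($Resp.StatusCode -ne 200) {
        throw "Expected 200, got $($Resp.StatusCode)"
    }
    if ($Resp.Content -ne $Body) {
        throw "Body mismatch: Tomcat returned '$($Resp.Content)'"
    }
    Write-Host "OK: Tomcat serves extensionless files under .well-known/acme-challenge"
}
catch {
    Write-Host "FAILED: $($_.Exception.Message)"
    Write-Host "Check the docBase in server.xml, that Tomcat listens on port 80 for this host,"
    Write-Host "and that no proxy, firewall or rewrite rule touches /.well-known/."
}
finally {
    # Do not leave test files in the challenge directory.
    Remove-Item $File -ErrorAction SilentlyContinue
}
```

Run it from any machine that reaches the host the same way Let's Encrypt does (not from the web server itself, where a hosts-file entry or a local firewall rule can hide a problem the public validator will hit).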


wacs.exe

Directories and URL used by wacs.exe:

  • D:\mytomcat\docbase (the web root where wacs.exe writes the .well-known\acme-challenge files)
  • D:\ssl (the directory the certificate files are written to)
  • http://example.org/.well-known/ (the URL the challenge is served from)

Renew


After the Tomcat web server has been restarted, the certificate can be tested at https://example.org/.well-known/.

Note

LEWS (letsencrypt-win-simple, the old name of win-acme) needs access to both the Tomcat docbase directory and https://letsencrypt.org/ (internet access) at the same time. In my installation Tomcat can not access the internet by itself, so I had to use my desktop PC and mount an SMB share from the web server:

A script could run on my desktop to renew the certificate later on.

Script renewcertificate.cmd:

TODO: With the following premises it is not an easy task:

  • Apache ActiveMQ Artemis
  • Apache Tomcat (to communicate with Let's Encrypt)
  • Microsoft Windows
  • WACS Win-Acme
  • OpenSSL

Task

  • Get certificate with WACS
  • Renew with Windows Task Scheduler
  • Convert PEM files to P12 with OpenSSL
  • Convert P12 to keystore with Java keytool
  • Restart ActiveMQ
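The renewal script mentioned above (renewcertificate.cmd, which the page does not reproduce) and the PEM to P12 to keystore steps of the task list, as one added PowerShell example. It is not the author's script, not win-acme's code and not a Tomcat or ActiveMQ file; the file names under D:\ssl, the alias, the service name, the path to wacs.exe and the password file are assumptions for illustration. The PKCS#12 step is also where the private key from manual mode goes in, which the question at the top of the page asks about.

```powershell
# Added example, not the original page's renewcertificate.cmd and not win-acme's code.
# Assumed layout: wacs.exe writes PEM files for example.org into D:\ssl with the names
# below, Tomcat runs as the Windows service "Tomcat8", and the keystore password sits in
# a file that only Administrators and SYSTEM can read.
$SslDir  = 'D:\ssl'
$Name    = 'example.org'
$Cert    = Join-Path $SslDir "$Name-crt.pem"     # assumed file names
$Key     = Join-Path $SslDir "$Name-key.pem"
$Chain   = Join-Path $SslDir "$Name-chain.pem"
$P12     = Join-Path $SslDir "$Name.p12"
$Jks     = Join-Path $SslDir "$Name.jks"
$Alias   = 'tomcat'
$Service = 'Tomcat8'                             # or the ActiveMQ Artemis service name
$Wacs    = 'C:\win-acme\wacs.exe'                # assumed install path

# The keystore password is read from a file with a restrictive ACL, never put on the
# scheduled task's command line (visible in Task Scheduler and in process listings).
$Pass = (Get-Content -Path (Join-Path $SslDir 'keystore.pass') -Raw).Trim()
if (-not $Pass) { throw 'keystore.pass is empty' }

# 1. Let wacs.exe renew whatever is due; it exits quickly when nothing is.
& $Wacs --renew
if ($LASTEXITCODE -ne 0) { throw "wacs.exe --renew failed with exit code $LASTEXITCODE" }

# 2. Skip the import and the service restart when the certificate has not changed.
if ((Test-Path $Jks) -and ((Get-Item $Cert).LastWriteTime -lt (Get-Item $Jks).LastWriteTime)) {
    Write-Host 'Certificate unchanged, nothing to do'
    return
}

# 3. PEM -> PKCS#12. The private key must go in here: a keystore holding only the leaf
#    and the chain gives a TLS listener that can never complete a handshake.
& openssl pkcs12 -export -in $Cert -inkey $Key -certfile $Chain -name $Alias `
    -out $P12 -passout "pass:$Pass"
if ($LASTEXITCODE -ne 0) { throw 'openssl pkcs12 -export failed' }

# 4. PKCS#12 -> JKS, for software that cannot read PKCS#12 directly (Tomcat 8 can:
#    keystoreType="PKCS12" on the Connector). Drop the old alias first so the keystore
#    does not accumulate stale entries.
if (Test-Path $Jks) {
    & keytool -delete -alias $Alias -keystore $Jks -storepass $Pass 2>$null
}
& keytool -importkeystore -noprompt `
    -srckeystore $P12 -srcstoretype PKCS12 -srcstorepass $Pass -srcalias $Alias `
    -destkeystore $Jks -deststoretype JKS -deststorepass $Pass -destkeypass $Pass
if ($LASTEXITCODE -ne 0) { throw 'keytool -importkeystore failed' }

# 5. The keystore now holds a private key: restrict it to Administrators and the service
#    account (LocalSystem here), and remove the intermediate .p12.
icacls $Jks /inheritance:r /grant:r 'Administrators:F' 'NT AUTHORITY\SYSTEM:F' | Out-Null
Remove-Item $P12

# 6. Restart the consumer so it reloads the keystore.
Restart-Service -Name $Service
Write-Host "Imported $Cert into $Jks and restarted $Service"
```

Schedule it with Task Scheduler as SYSTEM, for example `schtasks /Create /TN RenewCertificate /SC DAILY /ST 03:00 /RU SYSTEM /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File D:\ssl\renewcertificate.ps1"`, and point the 8443 Connector in server.xml at the resulting file with keystoreFile, keystorePass and keystoreType. Since the script only restarts the service when the certificate file is newer than the keystore, running it daily is harmless.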


When the key has been generated and the certificate received, the certificate can be loaded with these commands:


For more information go to visualsvn.com/server.
