I don’t think Tomcat knows how to read PEM files directly. Certainly it didn’t a few years ago when I last used it.
You can import PEM files into either a Java Keystore or PKCS12 file, and tell Tomcat to read those. You would need to ensure that each time the certificate is renewed, these steps are done again (e.g. automatically by a script) so that the certificate used by Tomcat isn’t left to expire.
I suggest the PKCS12 type here. To use this you will need to do several steps. I hope I explain these well, but please respond if you get stuck and I or someone else will try to help, because I am not trying this as I explain it.
This creates the file /home/hoavo/myca/letsencrypt.p12 from the Let’s Encrypt PEM files (of course you can call this file something different if you choose)
Modify Tomcat configuration appropriately
You need to modify your Tomcat configuration file that you have now as follows:
Change everywhere that says /home/hoavo/myca/tomcat.keystore to say /home/hoavo/myca/letsencrypt.p12 (or whatever you called the new PKCS12 file you created in the first step)
Remove the keystorePass and trustStorePass settings entirely
Add keystoreType="PKCS12" and trustStoreType="PKCS12"
Cross fingers I got all of the above right and it now works.
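
An added example, not part of the original post: a renewal-time script that rebuilds the PKCS12 file from the PEM files, checks that it holds the same certificate, and only then replaces the file Tomcat reads. The `fullchain.pem`/`privkey.pem` names (certbot's layout), the `tomcat` alias and the sample certificate are assumptions; the empty export password follows the post's advice to drop `keystorePass`.

```shell
#!/bin/sh
# Rebuild the PKCS12 file Tomcat reads from renewed PEM files.
# Assumptions: fullchain.pem/privkey.pem names (certbot layout), alias "tomcat".

# SHA-256 fingerprint of the first certificate on stdin.
cert_fp() { openssl x509 -noout -fingerprint -sha256 2>/dev/null; }

# Constructed sample input: a throwaway self-signed pair, not a real Let's Encrypt cert.
make_sample_pem() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=tomcat.example.test" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# pem_to_pkcs12 PEM_DIR OUT_FILE -> 0 on success; 1 on failure, live file untouched.
pem_to_pkcs12() {
    pem_dir=$1; out=$2; tmp="$out.tmp.$$"; rc=0
    old_umask=$(umask)
    # Empty password: the file mode (0600) is the only protection of the private key,
    # so the file must be owned by the account Tomcat runs as.
    umask 077
    openssl pkcs12 -export -name tomcat -passout pass: \
        -in "$pem_dir/fullchain.pem" -inkey "$pem_dir/privkey.pem" -out "$tmp" || rc=1
    umask "$old_umask"
    [ "$rc" -eq 0 ] || { rm -f "$tmp"; return 1; }
    # Verify the bundle carries the same leaf certificate before going live.
    want=$(cert_fp < "$pem_dir/fullchain.pem") || { rm -f "$tmp"; return 1; }
    got=$(openssl pkcs12 -in "$tmp" -passin pass: -nokeys -clcerts 2>/dev/null | cert_fp) \
        || { rm -f "$tmp"; return 1; }
    if [ -z "$want" ] || [ "$want" != "$got" ]; then rm -f "$tmp"; return 1; fi
    mv -f "$tmp" "$out"   # rename in place so Tomcat never reads a half-written file
}

# Demo on the constructed sample input.
demo_dir=$(mktemp -d)
make_sample_pem "$demo_dir"
pem_to_pkcs12 "$demo_dir" "$demo_dir/letsencrypt.p12" && echo "rebuilt letsencrypt.p12"
rm -rf "$demo_dir"
```

Tomcat still has to be restarted or reloaded after the file is replaced before it serves the new certificate.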