Certbot Directions

Before installing the Certbot I had a question on the part of the installation where it says, "As described in section 5 above, Certbot for Windows currently cannot install the certificate in Apache or Nginx for you. As of the most recent release, you will have to edit your web server application’s configuration to install the certificate yourself after Certbot has obtained it." I have a Tomcat web server on Windows Server 2019. I was just wondering what configuration this is referring to. After running the commands before this step, where is the certificate from Certbot going to be for me to install it in the configuration file? Where is the web server configuration file? In the Tomcat directory or the Windows directory? Thanks for any help.

2 Likes

Hi and welcome to the forum.

As you can tell by the lack of response, there are not a lot that are familiar with Tomcat on Windows.
Certbot for Windows is pretty straightforward and we can help you get a cert with that.

First, to answer some of your questions.

Section 6 tells you where the cert files can be found.
Certificates are located in C:\Certbot\live\[certificate_name]

That is a Tomcat for Windows question, that will probably go unanswered in this forum.

Things to know:
The configs for Tomcat (for Linux) are not easy to find nor tinker with.
[I suspect things in Windows would be similar]
I would look for a tutorial on "how to add tls/https to Tomcat for Windows" to be safe.

There are two main parts to enabling HTTPS/TLS:

  • The authentication part
    This can be done one of several primary ways (both of which can be done manually and in an automated fashion - we will focus on automation):
    -- via HTTP authentication
    For this to work certbot must place a challenge response file in a very specific location - which can be determined from the web server config file (not too sure about Tomcat integration here) or via a direct user definition (using the --webroot option). You could also be daring and modify the Tomcat config to explicitly identify the location - here following a well-written guide would be useful (and not try to re-invent a working wheel).
    -- via DNS authentication
    For this to work an entry would have to be placed into the global DNS TXT record for that FQDN
    This can be done manually or via an API (but only if your DNS provider supports DNS updates via API). I'm not even sure if Certbot for Windows has DNS API support (the software is still kind of new)
  • The installation part
    As stated in part #5, Certbot for Windows will NOT be able to install the cert for you.
    This part will have to be done entirely by hand (here a working guide would be the way to go)
2 Likes
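
An added example, not part of either post above and not Certbot's own code: a PowerShell pre-flight check for the HTTP authentication route with `--webroot`. It confirms that a file dropped under `.well-known\acme-challenge` in the chosen directory is actually served over plain HTTP for the domain. The `$WebRoot` and `$Domain` values are assumptions you supply; the page does not say which directory Tomcat serves.

```powershell
# Added example: verify the web server serves files from <WebRoot>\.well-known\acme-challenge
# before running Certbot with --webroot. Parameter values are supplied by you (assumptions).
param(
    [Parameter(Mandatory)][string]$WebRoot,  # directory the web server serves as "/"
    [Parameter(Mandatory)][string]$Domain    # FQDN the certificate will be issued for
)

$challengeDir = Join-Path $WebRoot '.well-known\acme-challenge'
$token   = 'preflight-' + [guid]::NewGuid().ToString('N')   # constructed test file name
$content = 'preflight-' + [guid]::NewGuid().ToString('N')   # constructed test file body
$file    = Join-Path $challengeDir $token

# Challenge files have no extension; write the body with no BOM and no trailing newline.
New-Item -ItemType Directory -Path $challengeDir -Force | Out-Null
[System.IO.File]::WriteAllText($file, $content)

try {
    $url  = "http://$Domain/.well-known/acme-challenge/$token"
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15 -ErrorAction Stop

    # Extensionless files may come back as bytes when no text content type is set.
    $body = if ($resp.Content -is [byte[]]) {
        [System.Text.Encoding]::ASCII.GetString($resp.Content)
    } else {
        [string]$resp.Content
    }

    if ($resp.StatusCode -eq 200 -and $body.Trim() -eq $content) {
        Write-Output "OK: $url is served from $challengeDir"
        Write-Output "Next step: certbot certonly --webroot -w `"$WebRoot`" -d $Domain"
    } else {
        Write-Error "Reached $url but the body did not match; '$WebRoot' is probably not the served directory."
    }
}
catch {
    # Typical causes: nothing listening on port 80, a redirect loop, or a 404 for dot-directories.
    Write-Error "Could not fetch ${url}: $($_.Exception.Message)"
}
finally {
    # Always remove the test file so nothing is left in the served directory.
    Remove-Item -Path $file -Force -ErrorAction SilentlyContinue
}
```

Run from the server itself, this only proves the directory mapping; the certificate authority connects from the internet, so port 80 must also be reachable from outside through any firewall or NAT.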

Thank you very much for the response. I think I know what you mean. This server is used by technicians to look at RF signals and cable modem data. The only reason I need https is for the Google Maps functionality. The vendor whose software we are using gave me a document on how to enable https; however, they only gave me the portion on the server side and not the CA process. Which led me to here and Certbot.