I feel like Java and PKCS#12 stuff is one area where this forum's expertise is unfortunately fairly thin, so I don't think there would be anything at all wrong with trying a different forum where people might have more experience with that.
On this forum, when users are using Tomcat, people have often suggested not using Tomcat's HTTPS support directly, and instead creating a reverse proxy with something like Caddy (that has built-in Let's Encrypt support) that then proxies to a TCP port on localhost where Tomcat is listening. That can be a very quick and convenient solution, but I also understand if people want to get things working with a Tomcat-only approach. But it's just not something that most people on this forum have had that much experience with. 