Well, it looks like either your keystore password is wrong in the configuration, or you haven’t set the keystore up at all.
I have to hop into a meeting now, but basically:
- Acquire a certificate using Certbot or another Let’s Encrypt client. Have you done this or not?
- Export the certificate you acquired from
/etc/letsencrypt
and import it into a keystore file that Tomcat can read - Point Tomcat at that keystore file with the correct passphrase.