Cry for help! Windows/Tomcat/SSL/Let's Encrypt

Progress, I think - at least I am not getting errors in the Tomcat logs any more. Here is what I did, for future reference:

  1. Installed Let’s Encrypt on a Mac in terminal app:
    git clone

  2. Generated certificate files:
    letsencrypt-auto --agree-dev-preview --server certonly -a manual --debug

  • that gave files fullchain1.pem, cert1.pem, chain1.pem and privkey1.pem in directory /etc/letsencrypt/live/
  • I had to do chown’s and chmod’s to get to that directory and retrieve the .pem files
  3. Transferred the .pem files to the Windows Server VM

  4. On Windows command line:
    openssl pkcs12 -export -in fullchain1.pem -inkey privkey1.pem -out fullchain_and_key.p12 -name tomcat
    [password requested: entered twice and noted - it is shown as “password_from_4” in the text below…]

  5. On Windows command line:
    keytool -importkeystore -deststorepass password_from_4 -destkeypass password_from_4 -destkeystore MyDSKeyStore.jks -srckeystore fullchain_and_key.p12 -srcstoretype PKCS12 -srcstorepass password_from_4 -alias tomcat

  6. Copied the keystore file MyDSKeyStore.jks to the Tomcat conf folder, i.e. C:\Program Files\Apache Software Foundation\Tomcat 8.5\conf in my case

  7. Edited server.xml to include the following connector entry:

  8. Restarted Tomcat service - no errors in catalina log.

Browsing to still doesn’t work, but browsing to https://localhost:8443 gives the Tomcat “success” page, albeit with a red triangle in the address bar as shown on the attached screenshot. Looks like I am on the right track, but still some things to fix!
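
A sanity check for the files produced by the `openssl pkcs12` step above, as an added example that is not part of the original post: it confirms the private key belongs to the leaf certificate, that the bundle carries the alias `tomcat` that `keytool -importkeystore -alias tomcat` will look for, and whether the certificate covers a given host name, which is what a browser compares against the address bar. It assumes OpenSSL 1.1.1 or later; the function names are hypothetical and the certificate is a constructed self-signed sample.

```shell
#!/bin/sh
# Added example, not from the post. File names follow the post; function names are hypothetical.

# SHA-256 of a public key (PEM on stdin); fails on empty input instead of hashing nothing.
hash_pub() {
    pem=$(cat); [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}
# Public-key hash of the first (leaf) certificate in a PEM stream on stdin.
cert_pubkey_hash() { openssl x509 -noout -pubkey 2>/dev/null | hash_pub; }
# Public-key hash derived from a private key file.
key_pubkey_hash() { openssl pkey -in "$1" -pubout 2>/dev/null | hash_pub; }

# True only if the private key ($2) belongs to the leaf certificate in $1.
key_matches_cert() {
    c=$(cert_pubkey_hash < "$1") && k=$(key_pubkey_hash "$2") && [ "$c" = "$k" ]
}

# True only if PKCS12 file $1 (password $2) carries alias $3 and the leaf from PEM $4.
p12_has_alias_and_cert() {
    bags=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null) || return 1
    printf '%s\n' "$bags" | grep "friendlyName: $3" >/dev/null || return 1
    a=$(printf '%s\n' "$bags" | cert_pubkey_hash) && b=$(cert_pubkey_hash < "$4") && [ "$a" = "$b" ]
}

# True only if the certificate in $1 is valid for host name $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep 'does match certificate' >/dev/null
}

# Constructed sample: a throwaway self-signed pair standing in for the Let's Encrypt files.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -addext "subjectAltName=DNS:example.test" \
        -keyout "$1/privkey1.pem" -out "$1/fullchain1.pem" 2>/dev/null &&
    openssl pkcs12 -export -in "$1/fullchain1.pem" -inkey "$1/privkey1.pem" \
        -out "$1/fullchain_and_key.p12" -name tomcat -passout pass:sample-only
}

d=$(mktemp -d) && make_sample "$d"
key_matches_cert "$d/fullchain1.pem" "$d/privkey1.pem" && echo "key matches leaf"
p12_has_alias_and_cert "$d/fullchain_and_key.p12" sample-only tomcat "$d/fullchain1.pem" \
    && echo "p12 holds leaf under alias tomcat"
cert_covers_host "$d/fullchain1.pem" localhost || echo "certificate does not cover localhost"
```

To run it against real files, call the three check functions with the paths to `fullchain1.pem`, `privkey1.pem` and `fullchain_and_key.p12` instead of the sample directory.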